Certified Information Systems Auditor (CISA) — Question 677
An IS auditor finds that an organization's data loss prevention (DLP) system is configured to use vendor default settings to identify violations. The auditor's MAIN concern should be that:
Answer options
- A. violation reports may not be reviewed in a timely manner.
- B. violations may not be categorized according to the organization's risk profile.
- C. a significant number of false positive violations may be reported.
- D. violation reports may not be retained according to the organization's risk profile.
Correct answer: B
Explanation
The main concern with using vendor default settings is that they are generic and not tuned to the organization's specific risk profile (its data classification, sensitive data types, and risk tolerance), so violations may be categorized inadequately or inconsistently with how the organization actually ranks risk. While false positives (C) and retention of reports (D) are important, they are secondary to ensuring that violations are classified correctly according to the organization's unique needs. Timeliness of review (A) is also a concern, but it does not directly affect how violations are categorized.