Certified Information Systems Auditor (CISA) — Question 684
An IS auditor notes that application super-user activity was not recorded in system logs. What is the auditor's BEST course of action?
Answer options
- A. Investigate the reason for the lack of logging.
- B. Report the issue to the audit manager.
- C. Recommend activation of super-user activity logging.
- D. Recommend a least-privilege access model.
Correct answer: A
Explanation
The best initial action is to investigate why logging is absent, because understanding the root cause allows for a more informed response. Simply reporting the issue (B) or recommending that logging be activated (C) without understanding the underlying problem may not effectively address the situation. A least-privilege access model (D) is good practice but does not directly resolve the logging issue.