Certified Information Systems Auditor (CISA) — Question 685

An IS auditor is reviewing security controls related to collaboration tools for a business unit responsible for intellectual property and patents. Which of the following observations should be of MOST concern to the auditor?

Answer options

• A. Training was not provided to the department that handles intellectual property and patents.
• B. Logging and monitoring for content filtering is not enabled.
• C. The collaboration tool is hosted and can only be accessed via an Internet browser.
• D. Employees can share files with users outside the company through collaboration tools.

Correct answer: D

Explanation

The correct answer is D because allowing employees to share files with external users poses a significant risk to the confidentiality of intellectual property and patents. Options A, B, and C, while concerning, do not present an immediate and severe risk to sensitive information compared to the potential data leakage from external sharing.