Certified Information Systems Auditor (CISA) — Question 724

During an investigation, it was determined that an employee leaked company system administrative credentials on a public social media site. What is the IS auditor’s FIRST recommendation?

Answer options

• A. Prosecute the employee
• B. Change privileged passwords
• C. Initiate forensic investigation
• D. Initiate shutdown of the system

Correct answer: B

Explanation

The correct answer is to change privileged passwords because it is essential to secure the system immediately to prevent any unauthorized access following the leak. While prosecuting the employee and initiating a forensic investigation are important, they should come after ensuring that the system is protected by updating the passwords. Shutting down the system may not be necessary and could disrupt operations without addressing the immediate risk.