Certified Information Systems Auditor (CISA) — Question 754
A vendor requires privileged access to a key business application. Which of the following is the BEST recommendation to reduce the risk of data leakage?
Answer options
- A. Perform a review of privileged roles and responsibilities.
- B. Implement real-time activity monitoring for privileged roles.
- C. Require the vendor to implement job rotation for privileged roles.
- D. Include the right-to-audit in the vendor contract.
Correct answer: B
Explanation
Implementing real-time activity monitoring for privileged roles provides ongoing oversight of the vendor's actions, so potential data leakage can be identified and mitigated quickly. While reviewing privileged roles, requiring job rotation, and including a right-to-audit clause are all important practices, they do not provide the immediate visibility and control that real-time monitoring offers.