Certified Information Systems Auditor (CISA) — Question 755

Which of the following should be an IS auditor's PRIMARY focus when evaluating the response process for cyber crimes?

Answer options

• A. Communication with law enforcement
• B. Notification to regulators
• C. Evidence collection
• D. Root cause analysis

Correct answer: C

Explanation

The correct answer is C, as evidence collection is crucial for understanding the incident and supporting any legal actions. While communication with law enforcement, notifying regulators, and root cause analysis are important, they are secondary to the immediate need for collecting evidence to ensure a thorough investigation.