Certified Information Systems Auditor (CISA) — Question 784
An IS auditor is reviewing how password resets are performed for users working remotely. Which type of documentation should be requested to understand the detailed steps required for this, activity?
Answer options
- A. Procedures
- B. Policies
- C. Standards
- D. Guidelines
Correct answer: A
Explanation
The correct answer is A, as procedures outline the specific steps to be followed in a process, such as password resets. Policies provide overarching rules, standards set minimum requirements, and guidelines offer recommendations, but none of these detail the step-by-step actions needed for the password reset process.