Certified Information Systems Auditor (CISA) — Question 808

While conducting an IT operations audit, an internal IS auditor discovers there are backup media missing that potentially contain unencrypted data. Which of the following should be the IS auditor’s NEXT step?

Answer options

• A. Review the backup media policy and procedures.
• B. Notify legal and regulatory authorities of the lost media.
• C. Write a report regarding the missing media.
• D. Determine what data is on the missing media.

Correct answer: D

Explanation

The correct next step is to determine what data is on the missing media, as this will help assess the potential risk and impact of the loss. Reviewing policies or notifying authorities may be necessary later, but first, understanding the data involved is crucial. Writing a report can come after the severity and implications are understood.