Certified Information Systems Auditor (CISA) — Question 823

An IS auditor is reviewing a contract for the outsourcing of IT facilities. If missing, which of the following should present the GREATEST concern to the auditor?

Answer options

• A. Access control requirements
• B. Hardware configurations
• C. Help desk availability
• D. Perimeter network security diagram

Correct answer: A

Explanation

Access control requirements are critical for ensuring that only authorized personnel can access sensitive systems and data, making their absence a major concern. While hardware configurations, help desk availability, and perimeter network security diagrams are important, they do not directly impact the fundamental security of access to IT facilities as access controls do.