Certified Information Systems Auditor (CISA) — Question 873

An IS auditor has been asked to review an event log aggregation system to ensure risk management practices have been applied. Which of the following should be of MOST concern to the auditor?

Answer options

• A. Completeness testing has not been performed on the log data.
• B. Log feeds are uploaded via batch process.
• C. The log data is not normalized.
• D. Data encryption standards have not been considered.

Correct answer: A

Explanation

Completeness testing is crucial to ensure that all relevant log data is captured and available for analysis; without it, important security events may be overlooked. While the other options present potential issues, they do not directly impact the integrity and comprehensiveness of the log data as significantly as the lack of completeness testing does.