Certified Information Systems Auditor (CISA) — Question 874

A security administrator is called in the middle of the night by the on-call programmer. A number of programs have failed, and the programmer has asked for access to the live system. What is the BEST course of action?

Answer options

• A. Review activity logs the following day and investigate any suspicious activity.
• B. Give the programmer read-only access to investigate the problem.
• C. Require that a change request be completed and approved.
• D. Give the programmer an emergency ID for temporary access and review the activity.

Correct answer: D

Explanation

The best option is D because it allows the programmer to address the urgent issue while ensuring that their access is monitored. Option A delays the response to the problem, while B does not provide sufficient access for troubleshooting. Option C is impractical in an emergency situation where immediate action is needed.