Certified Information Systems Auditor (CISA) — Question 955

Which of the following should be an IS auditor’s GREATEST concern when assessing an IT service configuration database?

Answer options

• A. The database is not encrypted at rest.
• B. The database is read-accessible for all users.
• C. The database is executable for all users.
• D. The database is write-accessible for all users.

Correct answer: D

Explanation

The greatest concern for an IS auditor is that the database is write-accessible for all users because this poses a significant risk of unauthorized changes or data corruption. While encryption, read access, and executable permissions are important, unrestricted write access can lead to the most severe security breaches and integrity issues.