Certified Information Systems Security Professional (CISSP) — Question 367
Which of the following should exist in order to perform a security audit?
Answer options
- A. Neutrality of the auditor
- B. Industry framework to audit against
- C. External (third-party) auditor
- D. Internal certified auditor
Correct answer: B
Explanation
An industry framework to benchmark against is essential for a security audit because it provides standardized criteria for evaluating security practices. While auditor neutrality, third-party auditors, and internal certified auditors can enhance the audit process, they do not replace the need for an established framework to guide the audit itself.