Which of the following is a MAJOR concern for the IS auditor? WHY?
CASE STUDY B
An organization has implemented an integrated application for supporting business processes. It has also entered into an agreement with a vendor for application maintenance and providing support to the users and system administrators. This support will be provided by a remote vendor support center using a privileged user ID with OS-level superuser authority having read and write access to all files. The vendor will use this special user ID to log on to the system for troubleshooting and implementing application updates (patches). Due to the volume of transactions, activity logs are only maintained for 90 days.
Questions
Select the letter of your best answer and provide further explanation to elaborate on your answer.
- Which of the following is a MAJOR concern for the IS auditor? WHY?
  - A. User activity logs are only maintained for 90 days.
  - B. The special user ID will access the system remotely.
  - C. The special user ID can alter activity log files.
  - D. The vendor will be testing and implementing patches on servers.
- Which of the following actions would be MOST effective in reducing the risk that the privileged user account may be misused? WHY?
  - A. The special user ID should be disabled except when maintenance is required.
  - B. All usage of the special user account should be logged.
  - C. The agreement should be modified so that all support is performed onsite.
  - D. All patches should be tested and approved prior to implementation.