An IS auditor notes that application super-user activity was not recorded in system logs. What is the auditor's BEST course of action?
An IS auditor notes that application super-user activity was not recorded in system logs. What is the auditor's BEST course of action?
Upon noting that application super-user activity is not being recorded in system logs, the best course of action for an IS auditor is to investigate the reason for the lack of logging. Understanding the underlying cause—not just assuming it’s a configuration issue—is crucial to ensure that there's no more systemic or intentional cause behind the issue. Only after understanding the problem can appropriate recommendations, such as enabling logging or changing access models, be made effectively.
Option A, "Investigate why logging is not occurring," is important, but does not provide any direct action to resolve the current issue. Enabling superuser activity logging is recommended as a fundamental solution to the issue.
If super-user activity is not being recorded in system logs, it poses a significant risk as it could allow unauthorized or inappropriate actions to go unnoticed. So , C is right answer
As an IS auditor, the best course of action when noting the absence of super-user activity in system logs is to investigate the reason for the lack of logging.
C. Recommend activation of super-user activity logging.
recommending activation of super-user activity logging, is not the best course of action because it assumes that the absence of logging is due to a lack of configuration rather than a deeper issue. Before recommending activation of super-user activity logging, it is important to investigate the root cause of the lack of logging to ensure that it is not a deliberate attempt to hide activity.