Which of the following would be of GREATEST concern to an IS auditor reviewing backup and recovery controls?
Which of the following would be of GREATEST concern to an IS auditor reviewing backup and recovery controls?
The greatest concern for an IS auditor reviewing backup and recovery controls is that restores from backups are not periodically tested. The main purpose of backups is to ensure data can be restored in the event of data loss. Without regular testing of the restore process, there is significant risk that the backups may not work as expected when needed, potentially leading to severe data loss and business impact.
Periodic testing of restores from backups is crucial for verifying the effectiveness and reliability of the backup and recovery processes. Without regular testing, there is a risk that backups may not be functioning correctly, or that data may not be recoverable in the event of a disaster or data loss incident. Testing restores allows organizations to identify any issues or gaps in the backup and recovery procedures, ensuring that critical data can be restored promptly and accurately when needed.
b is answer https://www.isaca.org/resources/isaca-journal/issues/2018/volume-1/is-audit-basics-backup-and-recovery
delete B
Having backups in place is only half the battle. If you haven't tested your ability to restore data from those backups, you can't be confident they will work when needed. So, the answer is D
This is because the main purpose of backups is to be able to restore data in case of data loss. If the restore process is not tested regularly, there’s a risk that the backups may not work when they are needed, which could lead to significant data loss and business impact.