Which of the following should be an IS auditor’s GREATEST concern when assessing an IT service configuration database?
Which of the following should be an IS auditor’s GREATEST concern when assessing an IT service configuration database?
An IT service configuration database containing critical system configuration information should have restricted write access to prevent unauthorized revisions. If all users have write-access, it poses a significant risk as any user could alter or corrupt the database, leading to possible service disruptions, security breaches, or data loss. Ensuring data integrity and maintaining control over changes is paramount for system stability and security, making unregulated write-access the greatest concern.
While executable access for all users (Option C) may also pose security risks, such as the potential for unauthorized code execution or exploitation of vulnerabilities, allowing write-access to the database presents a more direct and immediate threat to data integrity, confidentiality, and the overall reliability of IT services. Therefore, it should be of greatest concern to the IS auditor.
Granting execute permissions for the IT service configuration database to all users is a major security issue. This allows anyone to run arbitrary code within the database, potentially compromising the entire system. It's crucial to restrict execute access to authorized personnel only. I feel C will be better answer