An IS auditor discovers a box of hard drives in a secured location that are overdue for physical destruction. The vendor responsible for this task was never made aware of these hard drives. Which of the following is the BEST course of action to address this issue?
The best course of action is to escalate the finding to the asset owner for remediation. This ensures that the responsible party is made aware of the oversight and can take immediate steps to address it. While evaluating the workflow and policies for gaps is important for long-term prevention, immediate action to rectify the current issue is critical.
D. Escalate the finding to the asset owner for remediation.
D is correct.
While evaluating the corporate asset handling policy for potential gaps (option A) is also important, escalating the finding to the asset owner for remediation ensures swift and direct action to address the immediate issue while also facilitating improvements to prevent recurrence.
I believe B is correct. Before making any recommendation, the IS auditor should gain a good understanding of the scope of the problem and what factors caused this incident. The IS auditor should identify whether the issue was caused by managers not following procedures, or by a problem with the workflow of the automated system or a combination of the two.
I agree with you. I change my selection.