During an incident management audit, an IS auditor finds that several similar incidents were logged during the audit period. Which of the following is the auditor's MOST important course of action?
When an IS auditor finds several similar incidents logged during an audit period, the most crucial course of action is to determine if a root cause analysis was conducted. This step is critical because understanding the underlying cause of these recurring incidents will enable the organization to take corrective actions to prevent them in the future. While documenting the finding, validating whether incidents have been actioned, and confirming the resolution time are all important tasks, they do not address the fundamental issue that is causing similar incidents to recur. Identifying the root cause helps to implement long-term solutions rather than just addressing the symptoms.
The correct answer is B. Determine if a root cause analysis was conducted. If an IS auditor finds that several similar incidents were logged during the audit period, it is important to determine if a root cause analysis was conducted. A root cause analysis is a systematic process that is used to identify the underlying cause of a problem or incident. By identifying the root cause, organizations can take appropriate corrective action to prevent similar incidents from occurring in the future. Other actions that the auditor may take include documenting the finding and presenting it to management (A), validating whether all incidents have been actioned (C), and confirming the resolution time of the incidents (D). However, identifying the root cause of the incidents is the most important course of action because it will help the organization prevent similar incidents from occurring in the future.
First, you check if all incidents were actioned then move to checking if RCA was performed.
C. Validate whether all incidents have been actioned.
should be B
Answer should be B
B is the answer
should be B
B if there have been all similar incidents reported, clearly RCA was not done. So first he should determine if RCA was conducted.
Initially I was leaning toward B, but then it would make sense for the answer to be C, since generally you would need to see if there was any action on the incidents. If yes, then we would need to check that the root cause analysis was conducted.
I would answer B, because the question is not about "FIRST action", but "MOST important course of action".
Typically, similar recurring incidents are transferred to the problem management process, i.e. the incident tickets are assigned to a problem management ticket. There are some similar questions here. This one does not ask about the problem management process, but instead about the first action from the problem management process, namely the root cause analysis. So B. is the most sensible answer.
Q: several similar incidents were logged during the audit period, NOT before. Answer: C, validating whether all incidents have been actioned, which will lead to conducting a root cause analysis.
Validate whether all incidents have been actioned = is evidence