An IS auditor is evaluating the access controls for a shared customer relationship management (CRM) system. Which of the following would be the GREATEST concern?
An IS auditor is evaluating the access controls for a shared customer relationship management (CRM) system. Which of the following would be the GREATEST concern?
When evaluating access controls for a shared customer relationship management (CRM) system, the greatest concern would be that the security baseline is not consistently applied. The security baseline encompasses a broad range of security controls and configurations that must be enforced to protect the system. Without it, the system may be vulnerable to numerous risks, including unauthorized access, data breaches, and other security incidents. While audit logging, single sign-on, and complex passwords are important, they are specific controls that fall under the broader category of a security baseline.
D. Security baseline is not consistently applied.
I think D includes A Does anyone have any great suggestions?
The greatest concern here is A, If audit login is not enabled , how are we going to trace and maintain customer management
I choose A instead of D. Since a "security baseline" is too general, not specify on any objectives.
D includes A
It includes A but D is too broad. The question is asking about access controls which you need an audit log for.
A, it is important to have audit trail with regards to all customer interactions to maintain and address improve CR through CRM;customer relationship management
Agree on D, it should be more appropriate for CRM system
The biggest concern for IS auditors evaluating access controls in CRM systems is that audit logs are not valid.
Security is the most important issue
Answer: A
A. Audit logging is not enabled.
Without logging, organizations cannot detect unauthorized access, insider threats, or security incidents.