After the merger of two organizations, which of the following is the MOST important task for an IS auditor to perform?
After the merger of two organizations, which of the following is the MOST important task for an IS auditor to perform?
After the merger of two organizations, the most important task for an IS auditor is to verify that access privileges have been reviewed. This process ensures that only authorized personnel have appropriate access to critical systems and data, which is crucial in protecting the confidentiality, integrity, and availability of information. Reviewing access privileges addresses immediate potential security risks that may arise from the merger, such as unauthorized access or privilege escalation, and helps to align the access controls with the new organizational structure.
yes the IS auditor cannot update BCP or security policy.. its the work of organisation. so a and B option are ruled out. Amongst c and D, c is better choice.
I THINK B
C. Verifying that access privileges have been reviewed
While updating the security policy (option B) is also important to reflect changes resulting from the merger, verifying access privileges takes precedence because it directly addresses security risks associated with access control, confidentiality, and data protection. By confirming that access privileges have been reviewed and adjusted as necessary, the IS auditor helps safeguard the organization's information assets and ensures compliance with security policies and regulatory requirements.