Malicious program code was found in an application and corrected prior to release into production. After the release, the same issue was reported. Which of the following is the IS auditor's BEST recommendation?
To prevent the recurrence of the same issue found post-release, the best recommendation is to ensure change management reports are independently reviewed. This allows for a thorough verification process to uncover any discrepancies or faults in the correction process and ensures that changes have been properly implemented and tested before going live.
is B. If a previously identified issue reoccurs after corrections have been made, it is possible that the corrections were not implemented correctly or that new issues were introduced during the correction process. Therefore, it is important to investigate why the issue was not fully resolved and to take steps to prevent a recurrence.
B. must be the correct answer. From the description of the situation in the question, there is no indication of a possible cause for the recurrence of the problem in production. However, options A., C. and D. already suggest a cause and offer solutions. So it can only be B., always one after the other. There are a thousand possibilities in the whole change process that could be the cause. This must first be determined independently.
The answer is C according to CISA Q&A
Can't it be B?
I think A is the right answer.
Q: After the release, the same issue was reported. Answer: B, recommendation to focus on improving the change management process.
This is a question about the separation of duties between development and operations. Therefore, C is the correct answer.
I think A is the right answer.