An IS auditor discovers from patch logs that some in-scope systems are not compliant with the regular patching schedule. What should the auditor do NEXT?
A.
Request a plan of action to be established as a follow-up item.
B.
Interview IT management to clarify the current procedure.
C.
Review the organization's patch management policy.
Policy Alignment: Reviewing the policy provides a clear baseline for evaluating compliance. It helps understand the organization's expectations and requirements regarding patching.
Objective Criteria: The policy serves as objective criteria against which the auditor can compare the observed patching status. It establishes a framework for assessing whether the non-compliance aligns with the organization's established procedures.
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.CISA Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
KAP2HURUF
1 year ago