During an audit of a data center, an IS auditor's BEST way to gain an understanding of physical security controls is to:
Click on the arrows to vote for the correct answer
A. B. C. D.C.
During an audit of a data center, an IS auditor's best way to gain an understanding of physical security controls is to take a tour of the facility and identify physical security controls.
Option A, reviewing the data center's physical security procedures, may provide a general understanding of the security measures in place, but it is not sufficient to determine whether the controls are actually implemented and effective.
Option B, contacting the alarm vendor and identifying where alarms are installed in the data center, may provide some information on the alarm system in place, but it does not provide a complete understanding of physical security controls.
Option D, obtaining the engineering plans for the building and identifying points of entry, may provide some information on the physical layout of the data center, but it does not provide a complete understanding of the security controls in place.
Taking a tour of the data center is the best way for an IS auditor to gain an understanding of physical security controls. By physically inspecting the data center, the auditor can identify the security measures in place, such as surveillance cameras, access controls, and security guards. The auditor can also observe the behavior of data center staff and assess their adherence to security policies and procedures. Additionally, the auditor can identify any physical vulnerabilities or weaknesses in the security controls and recommend improvements.