Which of the following should be of MOST concern to an IS auditor evaluating a forensics program?
Click on the arrows to vote for the correct answer
A. B. C. D.D.
When evaluating a forensics program, an IS auditor should be most concerned with the proper handling and storage of forensic images. Forensic images are the digital copies of electronic devices, hard drives, or other data storage media that are created during the forensic investigation process. These images contain important evidence that may be used in legal or investigative proceedings.
Option A states that forensic images are stored on removable media with encryption. This is a good practice as it helps protect the images from unauthorized access or modification. However, this is not the most concerning issue for an IS auditor.
Option B states that forensic images are only stored for involuntarily terminated employees. This raises concerns about the fairness and impartiality of the forensics program. If forensic images are only collected for certain employees, it could be seen as a discriminatory practice. Additionally, if the program only collects images for involuntarily terminated employees, it may not be comprehensive enough to detect all types of fraud or misconduct.
Option C states that forensic images are only maintained for 12 months. This is a significant concern for an IS auditor as it may not comply with legal or regulatory requirements. Depending on the type of investigation, forensic images may need to be retained for longer periods of time. Additionally, if the program only maintains images for 12 months, it may not be able to provide evidence for investigations that span longer periods of time.
Option D states that forensic images are stored on shared disks. This is a major concern for an IS auditor as it can compromise the integrity and security of the images. If forensic images are stored on shared disks, there is a risk that they could be accidentally or intentionally deleted, modified, or accessed by unauthorized users. This could result in the loss or alteration of important evidence, which could have serious consequences for the investigation or legal proceedings.
In conclusion, option D, forensic images stored on shared disks, should be of MOST concern to an IS auditor evaluating a forensics program as it presents the greatest risk to the integrity and security of the images.