Shared Key Cards in Accessing Data Center

B.

As an IS auditor observing shared key cards being utilized to access an organization's data center, the greatest concern would be option B - the inability to identify who has entered the data center.

Shared key cards refer to a system where multiple individuals share the same key card to access a secured area. This system poses a significant risk to the organization's security as it becomes difficult to track and monitor the individuals entering the data center. The lack of identification of individuals entering the data center can lead to unauthorized access, misuse of resources, and theft of sensitive information.

Option A, the lack of multi-factor authentication, is also a concern for security, but it is not as significant as option B. Multi-factor authentication is a security measure that involves multiple forms of verification before granting access to a system. While it is an important security measure, the lack of it does not pose an immediate threat as compared to the inability to identify individuals who have entered the data center.

Option C, the inability to track the number of misplaced cards, is also a concern, but it is not as critical as option B. Losing the shared key card can allow unauthorized individuals to gain access to the data center, but it is less of a concern than the inability to identify who has entered the data center.

Option D, the lack of enforcement of organizational policy and procedures, is a general concern that should be addressed but is not directly related to the use of shared key cards. It refers to the organization's failure to ensure compliance with established policies and procedures related to information security. While it is an important concern, it does not address the specific issue of shared key cards and the inability to identify individuals entering the data center.

In conclusion, the inability to identify who has entered the data center is the greatest concern for an IS auditor observing shared key cards being utilized to access an organization's data center. It poses a significant risk to the organization's security, and appropriate measures should be taken to address this issue.