An IS auditor notes that application of super-user activity was not recorded in system logs.
What is the auditor's BEST course of action?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
As an IS auditor, the best course of action when noting the absence of super-user activity in system logs is to investigate the reason for the lack of logging.
Answer B is the most appropriate course of action because it allows the auditor to determine why super-user activity is not being logged. The absence of logging could be due to a technical issue, oversight, or even intentional tampering with the logs. Investigating the reason for the lack of logging will help the auditor understand the underlying issue and take appropriate action to remediate the situation.
Answer A, recommending a least-privilege access model, may be a valid control recommendation to prevent the need for super-user activity. However, it does not address the immediate issue of why the activity is not being logged.
Answer C, reporting the issue to the audit manager, is also a valid option. However, it is not the best course of action because it does not provide a solution or a plan of action to remediate the issue.
Answer D, recommending activation of super-user activity logging, is not the best course of action because it assumes that the absence of logging is due to a lack of configuration rather than a deeper issue. Before recommending activation of super-user activity logging, it is important to investigate the root cause of the lack of logging to ensure that it is not a deliberate attempt to hide activity.