An IS auditor notes that a number of application plug-ins currently in use are no longer supported.
Which of the following is the auditor's BEST recommendation to management?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
The IS auditor has noted that certain application plug-ins in use are no longer supported, which may lead to potential vulnerabilities and risks in the system. Based on this observation, the best recommendation for management would be to conduct a vulnerability assessment to determine the level of exposure.
Option A, implementing role-based access controls, is not the best recommendation as it does not address the specific issue of unsupported plug-ins, but rather focuses on access controls, which may be useful in certain situations but not directly relevant to the issue at hand.
Option C, reviewing content backup and archiving procedures, is also not the best recommendation as it is not directly related to the issue of unsupported plug-ins. While backup and archiving procedures are important, they do not address the risks associated with the unsupported plug-ins.
Option D, reviewing on-boarding and off-boarding processes, is also not the best recommendation as it is not directly related to the issue of unsupported plug-ins. While on-boarding and off-boarding processes are important for managing user access, they do not address the risks associated with unsupported plug-ins.
Therefore, the best recommendation for management is option B, conducting a vulnerability assessment to determine the level of exposure. This will allow management to identify and address any potential vulnerabilities and risks associated with the unsupported plug-ins, and develop a plan to mitigate these risks.