CISA Exam Preparation:

IS Auditor's Best Course of Action


Question

A company laptop has been stolen, and all photos on the laptop have been published on social media.

Which of the following is the IS auditor's BEST course of action?

Answers

Explanations


C.

The BEST course of action for an IS auditor in the event of a stolen company laptop and unauthorized publication of photos on social media would be to:

A. Ensure that the appropriate authorities have been notified.

Explanation: The theft of a company laptop and the unauthorized publication of its contents on social media together constitute a serious incident that could have significant consequences for the organization, including legal and reputational damage. Therefore, the IS auditor's first priority should be to ensure that the appropriate authorities, such as the police or law enforcement agencies, have been notified of the incident. This will help to initiate an investigation to identify the perpetrator(s) and recover the stolen laptop and any other related equipment.

B. Review the photos to determine whether they were for business or personal purposes.

Explanation: While reviewing the photos may be helpful in identifying the nature of the data that has been compromised, it is not the best course of action for an IS auditor in this scenario. The priority should be to mitigate the risks associated with the incident and ensure that appropriate measures are taken to prevent similar incidents from occurring in the future. Reviewing the photos is a secondary concern that can be addressed after the appropriate authorities have been notified, and the organization has implemented measures to prevent further incidents.

C. Verify the organization's incident reporting policy was followed.

Explanation: Verifying the organization's incident reporting policy is a critical step in any incident management process, including this scenario. However, it should not be the IS auditor's first priority in this situation. Rather, the auditor should focus on mitigating the risks associated with the incident, which includes notifying the appropriate authorities, preserving evidence, and communicating with relevant stakeholders.

D. Determine if the laptop had the appropriate level of encryption.

Explanation: Determining if the laptop had the appropriate level of encryption is a crucial step in ensuring the security of the data stored on the laptop. However, it should not be the IS auditor's first priority in this situation. The priority should be to mitigate the risks associated with the incident, including notifying the appropriate authorities and implementing measures to prevent similar incidents from occurring in the future. After these steps have been taken, the IS auditor can then assess the organization's encryption practices and identify areas for improvement.