Which of the following is MOST important for an IS auditor to verify after finding repeated unauthorized access attempts were recorded on a security report?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
When an IS auditor finds repeated unauthorized access attempts recorded on a security report, it is important to verify the underlying cause and investigate the incident thoroughly. Out of the given options, the MOST important action for an IS auditor to take would be to verify that there is evidence that the incident was investigated (Answer B).
Unauthorized access attempts could be an indication of a potential security breach, and verifying that the incident was thoroughly investigated is crucial to prevent further harm to the system or organization. It is essential to ensure that any security incident is dealt with promptly and effectively to prevent any damage to the system or data.
Although the other options listed are also important, they are not as critical as verifying that the incident was investigated. For example, confirming password reset requests as legitimate (Option A) could help prevent future unauthorized access attempts, but this action alone does not address the current incident that was already detected.
Similarly, tracking system configuration changes (Option C) and establishing a comprehensive access policy (Option D) are essential security measures that an organization should have in place. However, they do not address the immediate concern of the repeated unauthorized access attempts that were detected.
Therefore, the most important action for an IS auditor to take is to verify that the incident was investigated thoroughly to determine the root cause and prevent any further damage or unauthorized access.