PrepAway - Latest Free Exam Questions & Answers

Regarding the access card system, the IS auditor should be MOST concerned that:

An IS auditor is reviewing the physical security measures of an organization. Regarding the access card system, the IS auditor should be MOST concerned that:

PrepAway - Latest Free Exam Questions & Answers

A.
nonpersonalized access cards are given to the cleaning staff, who use a sign-in sheet but show no proof of identity.

B.
access cards are not labeled with the organization’s name and address to facilitate easy return of a lost card.

C.
card issuance and rights administration for the cards are done by different departments, causing unnecessary lead time for new cards.

D.
the computer system used for programming the cards can only be replaced after three weeks in the event of a system failure.

Explanation:
Physical security is meant to control who is entering a secured area, so identification of all individuals is of utmost importance. It is not adequateto trust unknown external people by allowing them to write down their alleged name without proof, e.g., identity card, driver’s license. Choice B is not a concern because if the name and address of the organization was written on the card, a malicious finder could use the card to enter the organization’s premises. Separating card issuance from technical rights management is a method to ensure a proper segregation of duties so that no single person can produce a functioning card for a restrictedarea within the organization’s premises. Choices B and C are good practices, not concerns. Choice D may be a concern, but not as important since a system failure of the card programming device would normally not mean that the readers do not functionanymore . It simply means that no new cards can be issued, so this option is minor compared to the threat of improper identification.

One Comment on “Regarding the access card system, the IS auditor should be MOST concerned that:


Leave a Reply