When reviewing an organization’s logical access security, which of the following should be of MOST concern to
an IS auditor?
A.
Passwords are not shared.
B.
Password files are not encrypted.
C.
Redundant logon IDs are deleted.
D.
The allocation of logon IDs is controlled.
Explanation:
When evaluating the technical aspects of logical security, unencrypted files represent the greatest risk. The
sharing of passwords, checking for the redundancy of logon IDs and proper logon ID procedures are essential,
but they are less important than ensuring that the password files are encrypted.