PrepAway - Latest Free Exam Questions & Answers

Which of the following should the IS auditor recommend to management?

An IS auditor who is reviewing incident reports discovers that, in one instance, an important
document left on an employee’s desk was removed and put in the garbage by the outsourced
cleaning staff. Which of the following should the IS auditor recommend to management?

A. Stricter controls should be implemented by both the organization and the cleaning agency.

B. No action is required since such incidents have not occurred in the past.

C. A clear desk policy should be implemented and strictly enforced in the organization.

D. A sound backup policy for all important office documents should be implemented.

Explanation:

An employee leaving an important document on a desk and the cleaning staff removing it may
result in a serious impact on the business. Therefore, the IS auditor should recommend that strict
controls be implemented by both the organization and the outsourced cleaning agency. That such
incidents have not occurred in the past does not reduce the seriousness of their impact.
Implementing and monitoring a clear desk policy addresses only one part of the issue. Appropriate
confidentiality agreements with the cleaning agency, along with ensuring that the cleaning staff
has been educated on the dos and don’ts of the cleaning process, are also controls that should be
implemented. The risk here is not a loss of data, but leakage of data to unauthorized sources. A
backup policy does not address the issue of unauthorized leakage of information.

