Malicious program code was found in an application and corrected prior to release into production. After the release, the same issue was reported.

Which of the following is the IS auditor’s BEST recommendation?
A. Ensure corrected program code is compiled in a dedicated server.
B. Ensure change management reports are independently reviewed.
C. Ensure programmers cannot access code after the completion of program edits.
D. Ensure the business signs off on end-to-end user acceptance test (UAT) results.

Answer: C

Explanation:

The IS auditor's best recommendation is to ensure that programmers cannot access code after the completion of program edits. Programmers who retain access to code after editing may introduce unauthorized or malicious changes that compromise the security, functionality, or performance of the application. By restricting access to code once edits are complete, the organization ensures that only authorized and tested code is released into production, and prevents tampering or recurrence of the same issue.

