Which of the following observations should be of GREATEST concern to an IS auditor when auditing web application security control as part of an IT general controls audit?
A.
The application control configuration is not available.
B.
An application control assessment has not been performed.
C.
An application control matrix has not been established.
D.
Application control is not aligned with an IT framework.
The absence of an application control assessment indicates a lack of proactive evaluation and testing of the controls in place to secure the web application. This increases the risk of vulnerabilities and potential exploitation, as there is no systematic review and verification of the effectiveness of security controls.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
FAGFUR
4 months agohoho
9 months, 2 weeks ago