yes the IS auditor cannot update BCP or security policy.. its the work of organisation. so a and B option are ruled out. Amongst c and D, c is better choice.
While updating the security policy (option B) is also important to reflect changes resulting from the merger, verifying access privileges takes precedence because it directly addresses security risks associated with access control, confidentiality, and data protection. By confirming that access privileges have been reviewed and adjusted as necessary, the IS auditor helps safeguard the organization's information assets and ensures compliance with security policies and regulatory requirements.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Deeplaxmi
Highly Voted 1 year, 9 months agoSwallows
Most Recent 1 month, 1 week ago007Georgeo
1 year, 2 months agoZephaniah
1 year, 9 months ago