Malicious program code was found in an application and corrected prior to release into production. After the release, the same issue was reported. Which of the following is the IS auditor's BEST recommendation?
A.
Ensure corrected program code is compiled in a dedicated server.
B.
Ensure change management reports are independently reviewed.
C.
Ensure programmers cannot access code after the completion of program edits.
D.
Ensure the business signs off on end-to-end user acceptance test (UAT) results.
is B , If a previously identified issue reoccurs after corrections have been made, it is possible that the corrections were not implemented correctly or that new issues were introduced during the correction process. Therefore, it is important to investigate why the issue was not fully resolved and to take steps to prevent a recurrence.
This is because programmers who have access to code after editing
may introduce unauthorized or malicious changes that could compromise the security, functionality, or
performance of the application
The scenario describes a situation where a malicious code issue was supposedly corrected but reappeared after deployment. This indicates a possibility of source code tampering, misconfiguration, or inadvertent re-introduction of the issue during the build or deployment process. One of the best ways to ensure that only clean, verified code is deployed to production is to compile the code on a dedicated server. This dedicated server should be isolated from development and source code modifications, thereby ensuring that the build process is secure, controlled, and free from tampering or errors.
B. must be the correct answer. From the description of the situation in the question, there is no indication of a possible cause for the recurrence of the problem in production. However, options A., C. and D. already suggest a cause and offer solutions. So it can only be B., always one after the other. There are a thousand possibilities in the whole change process that could be the cause. This must first be determined independently.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
007Georgeo
Highly Voted 1 year, 8 months agoMalsaffar
Most Recent 2 weeks, 4 days ago1Naa
2 weeks, 6 days ago46080f2
7 months, 1 week agoa84n
8 months, 2 weeks agoSwallows
9 months agokclow
3 months, 3 weeks agoblues_lee
11 months, 1 week agoRachy
11 months, 4 weeks agogomboragchaa
2 years agoStaanlee
2 years, 1 month ago