Struggling with developer access in your small web development company? Learn the CISA-recommended approach to securing production environments while maintaining development efficiency.
Table of Contents
Question
In a small IT web development company where developers must have write access to production, the BEST recommendation of an IS auditor would be to:
A. perform a user access review for the development team.
B. hire another person to perform migration to production.
C. implement continuous monitoring controls.
D. remove production access from the developers.
Answer
C. implement continuous monitoring controls.
Explanation
While developers needing write access to production in a small company presents a security risk, completely removing their access (Option D) isn’t ideal.
The most effective solution is to implement continuous monitoring controls (Option C). This involves automated tools that constantly monitor user activity, system logs, and for suspicious behavior. This way, developers can retain the necessary access for their work, while any unauthorized modifications or anomalies are flagged for investigation.
Isaca Certified Information Systems Auditor CISA certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Isaca Certified Information Systems Auditor CISA exam and earn Isaca Certified Information Systems Auditor CISA certification.