An IS auditor selects a server for a penetration test that will be carried out by a technical specialist.
Which of the following is MOST important?
The tools used to conduct the test
Certifications held by the IS auditor
Permission from the data owner of the server
An intrusion detection system (IDS) is enabled
The data owner should be informed of the risks associated with a penetration test, what types of
tests are to be conducted and other relevant details. All other choices are not as important as the
data owner’s responsibility for the security of the data assets.