Which of the following would an IS auditor consider a weakness when performing an audit of an
organization that uses a public key infrastructure with digital certificates for its business-toconsumer transactions via the internet?
Customers are widely dispersed geographically, but the certificate authorities are not.
Customers can make their transactions from any computer or mobile device.
The certificate authority has several data processing subcenters to administer certificates.
The organization is the owner of the certificate authority.
If the certificate authority belongs to the same organization, this would generate a conflict of interest.
That is, if a customer wanted to repudiate a transaction, they could allege that because of the
shared interests, an unlawful agreement exists between the parties generating the certificates, if a
customer wanted to repudiate a transaction, they could argue that there exists a bribery between
the parties to generate the certificates, as shared interests exist. The other options are not