From an IS auditor’s perspective, which of the following would be the GREATEST risk associated with an incomplete inventory of deployed software in an organization?

From an IS auditor’s perspective, which of the following would be the GREATEST risk associated with an incomplete inventory of deployed software in an organization?
A . Inability to close unused ports on critical servers
B . Inability to identify unused licenses within the organization
C . Inability to deploy updated security patches
D . Inability to determine the cost of deployed software

View Answer

Answer: C

Explanation:

The greatest risk associated with an incomplete inventory of deployed software in an organization is the inability to deploy updated security patches. Security patches are updates that fix vulnerabilities or bugs in software that could be exploited by attackers. Without an accurate inventory of software versions and configurations, it is difficult to identify and apply the relevant patches in a timely manner, which exposes the organization to increased security risks. Inability to close unused ports on critical servers, inability to identify unused licenses within the organization, and inability to determine the cost of deployed software are not as critical as security risks.

References: ISACA CISA Review Manual 27th Edition, page 308