Isaca Certified Information Systems Auditor CISA Question # 250 Topic 26 Discussion

CISA Exam Topic 26 Question 250 Discussion:

Question #: 250

Topic #: 26

Which of the following activities should be separated in an organization’s incident management processes?

Initiating and closing error logs

Collecting and analyzing logs from devices

Identifying root causes and recommending workarounds

Recording and classifying incidents

Get Premium CISA Questions

Explanation

The activities that should be separated are initiating and closing error logs. This is a segregation-of-duties issue. The same person who opens an error record should not also have sole authority to close it, because that creates an opportunity to suppress incidents, conceal inadequate investigation, or bypass proper resolution and review. ISACA guidance regularly stresses the importance of segregation of duties as a foundational control principle.

Option A is correct because separating initiation from closure helps ensure independent review, proper follow-up, and accountability in the incident process. This aligns with classic CISA logic: one role records or raises the issue, while another role validates resolution and closure.

Option B is less compelling because collecting and analyzing logs are closely related operational security activities and are often performed within the same monitoring function.

Option C is also less appropriate to separate in this context because identifying root causes and recommending workarounds are naturally linked problem-management activities. ISACA guidance on root cause analysis connects these activities to incident and problem handling.

Option D is not the best answer because recording and classifying incidents are typically performed together at intake or triage. Separating them would usually add process friction without the same control benefit as separating initiation from closure.

Therefore, A is the best answer because it best reflects appropriate segregation of duties in incident handling.

References (Official ISACA):

ISACA Journal, IS Audit Basics: Trust but Verify — highlights the importance of segregation of duties.

ISACA Journal, Trends, Challenges and Strategies for Effective Audit in a Rapidly Changing Landscape — reinforces segregation of duties as a continuing control requirement.

ISACA Journal, Resilient GRC: Tackling Contemporary Challenges With a Robust Delivery Model — discusses bias and segregation-of-duties concerns.

ISACA, Root Cause Analysis / ISACA Glossary — supports the linkage between root cause analysis and incident/problem processes.

Actual exam question for Isaca CISA exam by Arlo75064 at Apr 2, 2026, 7:56:15 AM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

Isaca Certified Information Systems Auditor CISA Question # 250 Topic 26 Discussion

Isaca Certified Information Systems Auditor CISA Question # 250 Topic 26 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

Isaca Certified Information Systems Auditor CISA Question # 250 Topic 26 Discussion

Isaca Certified Information Systems Auditor CISA Question # 250 Topic 26 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval