Internal IS Auditor Recommends Encrypting Incoming Accounts Payable Payment Files

D.

The internal IS auditor is recommending the implementation of encryption for incoming accounts payable payment files. This control is a preventive control.

Preventive controls aim to reduce the likelihood of an undesirable event occurring. In this case, the preventive control of encryption is intended to prevent unauthorized access to the payment files, by rendering the data unreadable and unusable to those who do not have the appropriate decryption key.

Corrective controls are implemented after an incident has occurred, with the goal of correcting or mitigating the damage done by the incident. An example of a corrective control might be a disaster recovery plan that outlines steps to be taken after a system outage or data loss.

Detective controls are designed to identify and respond to incidents as they occur. An example of a detective control would be a security system that monitors network activity and alerts security personnel to suspicious behavior.

Directive controls are policies, procedures, or guidelines that direct an organization or its employees to take certain actions or follow specific guidelines. An example of a directive control would be an organization-wide policy that requires all employees to use two-factor authentication to access sensitive data.

In conclusion, the internal IS auditor's recommendation of encryption for incoming accounts payable payment files is a preventive control aimed at reducing the likelihood of unauthorized access.