Which of the following would be of GREATEST concern to an IS auditor receiving an organization’s security incident handling procedures?
A. Annual tabletop exercises are performed instead of functional incident response exercises.
B. Roles for computer emergency response team (CERT) members have not been formally documented.
C. Guidelines for prioritizing incidents have not been identified.
D. Workstation antivirus software alerts are not regularly reviewed.
A. Annual tabletop exercises are performed instead of functional incident response exercises.
B. Roles for computer emergency response team (CERT) members have not been formally documented.
C. Guidelines for prioritizing incidents have not been identified.
D. Workstation antivirus software alerts are not regularly reviewed.