CISA Certified Information Systems Auditor – Question2013

An IS auditor finds multiple situations where the help desk resolved security incidents without notifying IT security as required by policy. Which of the following is the BEST audit recommendation?

A.
Display the incident response hotline in common areas.
B. Have IT security review problem management policy.
C. Reinforce the incident escalation process.
D. Redesign the help desk reporting process.

Correct Answer: B