CISA Certified Information Systems Auditor – Question0641

Which of the following is the MOST important factor to consider when establishing a severity hierarchy for information security incidents?

A.
Management support
B. Business impact
C. Regulatory compliance
D. Residual risk

Correct Answer: B