Which of the following should be of GREATEST concern to an IS auditor conducting an audit of incident response procedures?
A. End users have not completed security awareness training.
B. Senior management is not involved in the incident response process.
C. There is no procedure in place to learn from previous security incidents.
D. Critical incident response events are not recorded in a centralized repository.
A. End users have not completed security awareness training.
B. Senior management is not involved in the incident response process.
C. There is no procedure in place to learn from previous security incidents.
D. Critical incident response events are not recorded in a centralized repository.