Which of the following findings should be of GREATEST concern for an IS auditor when auditing the effectiveness of a phishing simulation test administered for staff members?
A. Staff members were not notified about the test beforehand.
B. Test results were not communicated to staff members.
C. Staff members who failed the test did not receive follow-up education.
D. Security awareness training was not provided prior to the test.
A. Staff members were not notified about the test beforehand.
B. Test results were not communicated to staff members.
C. Staff members who failed the test did not receive follow-up education.
D. Security awareness training was not provided prior to the test.