During a review of an organization’s network threat response process, the IS auditor noticed that the majority of alerts were closed without resolution. Management responded that those alerts were unworkable due to lack of actionable intelligence, and therefore the support team is allowed to close them. What is the BEST way for the auditor to address this situation?
A. Further review closed unactioned alerts to identify mishandling of threats.
B. Omit the finding from the report as this practice is in compliance with the current policy.
C. Recommend that management enhance the policy and improve threat awareness training.
D. Reopen unactioned alerts and report to the audit committee.
A. Further review closed unactioned alerts to identify mishandling of threats.
B. Omit the finding from the report as this practice is in compliance with the current policy.
C. Recommend that management enhance the policy and improve threat awareness training.
D. Reopen unactioned alerts and report to the audit committee.