Which of the following would be an IS auditor's GREATEST concern when evaluating a cybersecurity incident response plan?
A. The plan has not been recently tested.
B. Roles and responsibilities are not detailed for each process.
C. Stakeholder contact details are not up-to-date.
D. The plan does not include incident response metrics.
A. The plan has not been recently tested.
B. Roles and responsibilities are not detailed for each process.
C. Stakeholder contact details are not up-to-date.
D. The plan does not include incident response metrics.