CISA Certified Information Systems Auditor – Question0292

Which of the following would be of MOST concern for an IS auditor evaluating the design of an organization’s incident management processes?

A.
Metrics are not reported to senior management.
B. Service management standards are not followed.
C. Expected time to resolve incidents is not specified.
D. Prioritization criteria are not defined.

Correct Answer: D