Which of the following would be of MOST concern for an IS auditor evaluating the design of an organization’s incident management processes?
A. Metrics are not reported to senior management.
B. Service management standards are not followed.
C. Expected time to resolve incidents is not specified.
D. Prioritization criteria are not defined.
A. Metrics are not reported to senior management.
B. Service management standards are not followed.
C. Expected time to resolve incidents is not specified.
D. Prioritization criteria are not defined.