Which of the following should be of GREATEST concern to an IS auditor reviewing an organization’s information security program?
A. The program was not formally signed off by the sponsor.
B. Key performance indicators (KPIs) are not established.
C. Not all IT staff are aware of the program.
D. The program was last updated five years ago.
A. The program was not formally signed off by the sponsor.
B. Key performance indicators (KPIs) are not established.
C. Not all IT staff are aware of the program.
D. The program was last updated five years ago.