An IS auditor is reviewing an organization’s network vulnerability scan results. Which of the following processes would the scan results MOST likely feed into?

A. Firewall maintenance
B. Patch management
C. Incident response
D. Traffic management