Which of the following is the MOST important factor to consider when establishing a severity hierarchy for information security incidents?
A. Management support
B. Business impact
C. Regulatory compliance
D. Residual risk
A. Management support
B. Business impact
C. Regulatory compliance
D. Residual risk