An IS auditor has observed gaps in the data available to the organization for detecting incidents. Which of the following would be the BEST recommendation to improve the organization’s security incident response capability?
A. Document procedures for incident escalation.
B. Document procedures for incident classification.
C. Correlate security logs collected from multiple sources.
D. Centralize alerts and security log information.