Certified Information Systems Auditor (CISA) — Question 573

Which of the following would be of GREATEST concern to an IS auditor reviewing an organization's security incident handling procedures?

Answer options

• A. Annual tabletop exercises are performed instead of functional incident response exercises.
• B. Roles for computer emergency response team (CERT) members have not been formally documented.
• C. Guidelines for prioritizing incidents have not been identified.
• D. Workstation antivirus software alerts are not regularly reviewed.

Correct answer: C

Explanation

The correct answer is C because without established criteria for prioritizing incidents, the organization may not effectively address the most critical threats. Option A, while concerning, does not directly impact the efficacy of incident response as significantly as prioritization. Option B is important for clarity in roles, but it doesn't hinder the overall response effectiveness as much as prioritization does. Option D is also relevant, but it pertains more to routine monitoring rather than the strategic handling of incidents.