Which of the following should be of GREATEST concern to an IS auditor conducting an audit of incident response procedures?
A . End users have not completed security awareness training.
B . Senior management is not involved in the incident response process.
C . There is no procedure in place to learn from previous security incidents.
D . Critical incident response events are not recorded in a centralized repository.
Answer: B