Exam CISA
Question 102

During a review of an organization's network threat response process, the IS auditor noticed that the majority of alerts were closed without resolution.

Management responded that those alerts were unworkable due to lack of actionable intelligence, and therefore the support team is allowed to close them. What is the BEST way for the auditor to address this situation?

Correct Answer: C

The best way for the auditor to address this situation is to recommend that management enhance the policy and improve threat awareness training. This approach addresses the underlying issues by providing clearer guidelines and expectations for handling alerts, including criteria for closure. Additionally, it equips the support team with the necessary knowledge and skills to evaluate alerts effectively and take appropriate action. This proactive measure helps improve the organization's network threat response process as a whole, rather than just reacting to past incidents.

Discussion
saado9 Option: C

C. Recommend that management enhance the policy and improve threat awareness training.

SBD600

The IS auditor should review the closed unactioned alerts to determine if there was any mishandling of threats. This will help the auditor assess if the current policy and practice are effective and if there is a need for improvements in the threat response process. So the answer is A.

Bankyz Option: C

By recommending that management enhances the policy and improves threat awareness training, the auditor addresses the underlying issues. Enhancing the policy can provide clearer guidelines and expectations for handling alerts, including criteria for closure. Improving threat awareness training can better equip the support team with the knowledge and skills to evaluate alerts effectively and take appropriate action.

RS66 Option: A

There might be some risks not resolved. You need to investigate further before enhancing policies and awareness.

Swallows Option: C

While further reviewing closed unactioned alerts (Option A) could provide insights into specific instances of mishandling, recommending enhancements to the policy and training (Option C) addresses the underlying issue more comprehensively. It allows the organization to proactively improve its network threat response process rather than just reacting to past incidents.

5b56aae Option: A

Further review

OD1N Option: B

Why answer B?