An IS auditor reviewing security incident processes realizes incidents are resolved and closed, but root causes are not investigated. Which of the following should be the MAJOR concern with this situation?
An IS auditor reviewing security incident processes realizes incidents are resolved and closed, but root causes are not investigated. Which of the following should be the MAJOR concern with this situation?
When incidents are resolved and closed without investigating the root causes, the primary concern is that the vulnerabilities that led to these incidents remain unaddressed. This leaves the organization exposed to similar incidents in the future because the underlying issues have not been identified and rectified. Addressing vulnerabilities is crucial for the prevention of recurring security incidents and is a fundamental aspect of maintaining effective cybersecurity.
i think that answer is B
B is correct
While lessons learned not being properly documented (option B) is also a concern, the primary issue is ensuring that vulnerabilities are identified and mitigated to prevent future incidents. Therefore, the failure to properly address vulnerabilities is the major concern in this situation.
C. Vulnerabilities have not been properly addressed. Without investigating the root causes of security incidents, organizations cannot identify and rectify the underlying vulnerabilities that led to these incidents in the first place. This can result in a continuous cycle of incidents and potential security breaches, leaving the organization exposed to ongoing risks. Addressing vulnerabilities is a fundamental aspect of maintaining effective cybersecurity, and it should be a top priority for any organization. While the other options (A, B, and D) may also be concerns, they are not as directly related to the failure to investigate root causes of security incidents.
so according to you all incidents comes from Vulnerabilities?