Which of the following findings should be of GREATEST concern for an IS auditor when auditing the effectiveness of a phishing simulation test administered for staff members?

Which of the following findings should be of GREATEST concern for an IS auditor when auditing the effectiveness of a phishing simulation test administered for staff members?
A . Staff members were not notified about the test beforehand.
B . Test results were not communicated to staff members.
C . Staff members who failed the test did not receive follow-up education.
D . Security awareness training was not provided prior to the test.

View Answer

Answer: C