Which of the following would be an IS auditor’s GREATEST concern when evaluating a cybersecurity incident response plan?
A . The plan has not been recently tested.
B . Roles and responsibilities are not detailed for each process.
C . Stakeholder contact details are not up-to-date.
D . The plan does not include incident response metrics.
Answer: B