What finding would be a major concern for an IT auditor performing an assessment of the computer security incident response procedures for an international financial institution?

The IT help desk is not appropriately trained to respond and resolve computer security incidents.

Computer security incident response procedures do not identify a liaison to senior management.

Computer security incidents are not maintained in a centralized repository.

End users are not trained to identify and report on computer security incidents.

Explanation

A. While IT help desk personnel should be aware of computer security issues, containment and resolution is not their responsibility. The computer security incident response team is a team of specialists separate from the IT help desk, which is trained to handle computer security incidents. B. Lack of a liaison to senior management is a concern because significant computer security incidents should be reported to senior management as soon as possible. However, this is not as big a concern as the lack of end-user training to identify and report computer security incidents. C. End users that are trained to identify and report security incidents are critical to the success of computer security incident response. The biggest risk of not addressing a computer security incident is that users may fail to identify an event of significance and therefore may not report it. This may cause significant computer security incidents to remain unnoticed and/or unaddressed. D. Lack of a centralized repository to record computer security incidents is a concern. However, this is not as big a concern as the lack of end-user training to identify and report computer security incidents.