Which of the following would be of MOST concern for an IS auditor evaluating the...

he design of an incident management process should include prioritization criteria to ensure that incidents are handled according to their impact and urgency. Without prioritization criteria, the organization may not be able to allocate resources effectively and respond to incidents in a timely manner. Expected time to resolve incidents, service management standards, and metrics reporting are important aspects of incident management, but they are not as critical as prioritization criteria for thedesign of the process. References: ISACA Journal Article: Incident Management: A Practical Approach