Which of the following is MOST important for an IS auditor to review when evaluating the effectiveness of an organization`s incident response process? 

Answer options:

A. Past incident response actions
B. Incident response staff experience and qualifications
C. Results from management testing of incident response procedures
D. Incident response roles and responsibilities

C