An IS auditor has observed gaps in the data available to the organization for detecting incidents. Which of the following would be the BEST recommendation to improve the organization`s security incident response capability? 

Answer options:

A. Document procedures for incident escalation.
B. Document procedures for incident classification.
C. Correlate security logs collected from multiple sources.
D. Centralize alerts and security log information.

D