Which of the following should be of GREATEST concern to an IS auditor when auditing an organization`s information security awareness program? 

Answer options:

A. Security awareness training is not included as part of the onboarding process for new hires.
B. The number of security incidents logged by employees to the help desk has increased in the past year.
C. Training quizzes are designed and run by a third-party company under a contract with the organization.
D. Security awareness training is run via the organization`s enterprise-wide e-learning portal.

A