Which of the following is MOST important for an IS auditor to verify after finding repeated unauthorized access attempts were recorded on a security report? 

Answer options:

A. Password reset requests have been confirmed as legitimate
B. There is evidence that the incident was investigated
C. System configuration changes are properly tracked
D. A comprehensive access policy has been established

B