An organization did not know its internal customer and financial databases were compromised
until the attacker published sensitive portions of the database on several popular attacker
websites. The organization was unable to determine when, how, or who conducted the attacks but
rebuilt, restored, and updated the compromised database server to continue operations.
Which of the following is MOST likely the cause for the organization’s inability to determine what
really occurred?

A.
Too few layers of protection between the Internet and internal network

B.
Lack of a defined security auditing methodology

C.
Poor intrusion prevention system placement and maintenance

D.
Insufficient logging and mechanisms for review