D. Unauthorized system actions are recorded but not investigated.
If unauthorized system actions are not investigated, the log is useless. Not backing up logs periodically is a risk, but not as critical as the need to investigate questionable actions. Recording routine events can make it more difficult to recognize unauthorized actions, but the critical events are still recorded. Procedures for enabling and reviewing logs should be documented, but documentation does not ensure investigation.
