The greatest concern to an IS auditor conducting an audit of an organization that recently experienced a ransomware attack is that backups were only performed within the local network. This means that the backups could have been encrypted or deleted by the ransomware, making it impossible to restore the data and systems without paying the ransom or losing the data. Backups are a critical part of the recovery process from a ransomware attack, and they should be performed frequently, securely, and off-site or in the cloud to ensure their availability and integrity.
The other options are not as concerning as option C, although they may also indicate some security weaknesses. Antivirus software was unable to prevent the attack even though it was properly updated, but this is not surprising given that ransomware variants are constantly evolving and antivirus software may not be able to detect them all. The most recent security patches were not tested prior to implementation, but this is a trade-off between security and availability that may be justified depending on the severity and urgency of the patches. Employees were not trained on cybersecurity policies and procedures, but this is a preventive measure that may not have prevented the attack if it was initiated by other means such as phishing or exploiting vulnerabilities.
References:
* 10: Infrastructure-as-a-Service Security Responsibilities - CloudTweaks
* 5: 3 steps to prevent and recover from ransomware | Microsoft Security Blog
* 7: How to Recover From a Ransomware Attack - eSecurityPlanet

The correct answer is A. Overwriting multiple times. Overwriting is a method of securely erasing data from a hard disk by replacing the existing data with random or meaningless data, making it difficult or impossible to recover the original data1. Overwriting multiple times, also known as multiple-pass overwriting, is a more effective way of disposing of sensitive data than overwriting once, as it reduces the possibility of residual traces of data that could be recovered by advanced techniques2. Overwriting multiple times can be done by using specialized software tools that follow certain standards or algorithms, such as the US Department of Defense's DoD 5220.22-M or the Gutmann method3.