Which of the following is NOT a part of security auditing?

The choice of storing financial data is not considered a part of security auditing because security auditing focuses on assessing and reviewing the security measures and controls in place to protect information systems. Typically, security auditing involves monitoring and evaluating user actions to ensure compliance with security policies, analyzing potential security threats to identify vulnerabilities, and recognizing activities that may pose a risk to the organization's security posture.

While financial data may be part of what needs to be protected and monitored within an organization, its storage does not directly relate to the activities of auditing security measures. Instead, auditing aims to evaluate how effectively these protections are functioning and whether the organization adheres to regulatory and policy standards regarding security practices. Therefore, storing financial data falls outside the primary objectives and actions encompassed by security auditing.