PrepAway - Latest Free Exam Questions & Answers

What immediate action should an information security manager take?

A business unit intends to deploy a new technology in a manner that places it in violation of
existing information security standards. What immediate action should an information security
manager take?

A. Enforce the existing security standard

B. Change the standard to permit the deployment

C. Perform a risk analysis to quantify the risk

D. Perform research to propose use of a better technology

Explanation:

Resolving conflicts of this type should be based on a sound risk analysis of the costs and benefits
of allowing or disallowing an exception to the standard. A blanket decision should never be given
without conducting such an analysis. Enforcing existing standards is a good practice; however,
standards need to be continuously examined in light of new technologies and the risks they
present. Standards should not be changed without an appropriate risk assessment.

