When a proposed system change violates an existing security standard, the conflict would be BEST resolved
by:

A.
calculating the residual risk.

B.
enforcing the security standard.

C.
redesigning the system change.

D.
implementing mitigating controls.

Explanation:

Decisions regarding security should always weigh the potential loss from a risk against the existing controls.
Each situation is unique; therefore, it is not advisable to always decide in favor of enforcing a standard.
Redesigning the proposed change might not always be the best option because it might not meet the business needs. Implementing additional controls might be an option, but this would be done after the residual risk is known.