When a proposed system change violates an existing security standard, the conflict would be
BEST resolved by:
A.
calculating the residual risk.
B.
enforcing the security standard.
C.
redesigning the system change.
D.
implementing mitigating controls.
Explanation:
Decisions regarding security should always weigh the potential loss from a risk against the existing
controls. Each situation is unique; therefore, it is not advisable to always decide in favor of
enforcing a standard. Redesigning the proposed change might not always be the best option
because it might not meet the business needs. Implementing additional controls might be an
option, but this would be done after the residual risk is known.