A new internal network segmentation solution will be implemented into the enterprise that consists of 200
internal firewalls. As part of running a pilot exercise, it was determined that it takes three changes to deploy a
new application onto the network before it is operational. Security now has a significant effect on overall
availability. Which of the following would be the FIRST process to perform as a result of these findings?
A.
Lower the SLA to a more tolerable level and perform a risk assessment to see if the solution could be met
by another solution. Reuse the firewall infrastructure on other projects.
B.
Perform a cost benefit analysis and implement the solution as it stands as long as the risks are understood
by the business owners around the availability issues. Decrease the current SLA expectations to match the
new solution.
C.
Engage internal auditors to perform a review of the project to determine why and how the project did not
meet the security requirements. As part of the review ask them to review the control effectiveness.
D.
Review to determine if control effectiveness is in line with the complexity of the solution.
Determine if the requirements can be met with a simpler solution.