What immediate action should an information security manager take?

Posted by: Pdfprep. Category: CISM

A business unit intends to deploy a new technology in a manner that places it in violation of existing information security standards.

What immediate action should an information security manager take?
A. Enforce the existing security standard
B. Change the standard to permit the deployment
C. Perform a risk analysis to quantify the risk
D. Perform research to propose use of a better technology

Answer: C

Explanation:

Resolving conflicts of this type should be based on a sound risk analysis of the costs and benefits of allowing or disallowing an exception to the standard. A blanket decision should never be given without conducting such an analysis. Enforcing existing standards is a good practice; however, standards need to be continuously examined in light of new technologies and the risks they present. Standards should not be changed without an appropriate risk assessment.
