Scenario: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product is not as scalable as originally thought and will not fit the organization’s needs.
What is the MOST logical course of action the CISO should take?
A. Cancel the project if the business need was based on internal requirements versus regulatory compliance requirements
B. Review the original solution set to determine if another system would fit the organization’s risk appetite and budget regulatory compliance requirements
C. Continue with the project until the scalability issue is validated by others, such as an auditor or third party assessor.
D. Continue with the implementation and submit change requests to the vendor in order to ensure required functionality will be proved when needed
Answer: B