A recent audit has identified that security controls required by the organization’s policies have not been implemented for a particular application. What should the information security manager do NEXT to address this issue?
A. Deny access to the application until the issue is resolved.
B. Discuss the issue with data custodians to determine the reason for the exception.
C. Report the issue to senior management and request funding to fix the issue.
D. Discuss the issue with data owners to determine the reason for the exception.
A. Deny access to the application until the issue is resolved.
B. Discuss the issue with data custodians to determine the reason for the exception.
C. Report the issue to senior management and request funding to fix the issue.
D. Discuss the issue with data owners to determine the reason for the exception.