CISA Certified Information Systems Auditor – Question0614

An information security manager learns that a departmental system is out of compliance with the information security policy’s authentication requirements. Which of the following should be the information security manager’s FIRST course of action?

A. Isolate the noncompliant system from the rest of the network.
B. Submit the issue to the steering committee for escalation.
C. Request risk acceptance from senior management.
D. Conduct an impact analysis to quantify the associated risk.

Correct Answer: D