During the security review of a legacy business application, it was discovered that sensitive client data is not encrypted in storage, which does not comply with the organization’s information security policy. Which of the following would be the information security manager’s BEST course of action?
A. Implement encryption on client data.
B. Report the noncompliance to senior management.
C. Analyze compensating controls and assess the associated risk.
D. Determine the cost of encryption and discuss with the application owner.
A. Implement encryption on client data.
B. Report the noncompliance to senior management.
C. Analyze compensating controls and assess the associated risk.
D. Determine the cost of encryption and discuss with the application owner.