A recent audit has identified that security controls by the organization’s policies have not been implemented for a particular application. What should the information security manager do NEXT to address this issue?
A. Discuss the issue with the data owners to determine the reason for the exception
B. Discuss the issue with data custodians to determine the reason for the exception
C. Report the issue to senior management and request funding to fix the issue
D. Deny access to the application until the issue is resolved
A. Discuss the issue with the data owners to determine the reason for the exception
B. Discuss the issue with data custodians to determine the reason for the exception
C. Report the issue to senior management and request funding to fix the issue
D. Deny access to the application until the issue is resolved