An information security manager finds that a soon-to-be deployed online application will increase risk beyond acceptable levels, and necessary controls have not been included. Which of the following is the BEST course of action for the information security manager?
A. Present a business case for additional controls to senior management.
B. Instruct IT to deploy controls based on urgent business needs.
C. Solicit bids for compensating control products.
D. Recommend a different application.
A. Present a business case for additional controls to senior management.
B. Instruct IT to deploy controls based on urgent business needs.
C. Solicit bids for compensating control products.
D. Recommend a different application.