Scenario: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product it is not as scalable as originally thought and will not fit the organization’s needs. The CISO discovers the scalability issue will only impact a small number of network segments.
What is the next logical step to ensure the proper application of risk management methodology within the two-factor implementation project?
A . Decide to accept the risk on behalf of the impacted business units
B . Create new use cases for operational use of the solution
C . Report the deficiency to the audit team and create process exceptions
D . Determine if sufficient mitigating controls can be applied
Answer: D
Leave a Reply