Scenario: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product it is not as scalable as originally thought and will not fit the organization’s needs. The CISO is unsure of the information provided and orders a vendor proof of concept to validate the system’s scalability.
This demonstrates which of the following?
A . A methodology-based approach to ensure authentication mechanism functions
B . An approach providing minimum time impact to the implementation schedules
C . An approach that allows for minimum budget impact if the solution is unsuitable
D . A risk-based approach to determine if the solution is suitable for investment
Answer: D