What immediate action should the information security manager take?

A business unit within your organization intends to deploy a new technology in a manner that places it in violation of existing information security standards.

What immediate action should the information security manager take?
A . Enforce the existing security standards and do not allow the deployment of the new technology.
B . If the risk associated with that technology are not already identified, perform a risk analysis to quantify the risk, and allow the business unit to proceed based on the identified risk level.
C . Amend the standard to permit the deployment.
D . Permit a 90-day window to see if an issue occurs and then amend the standard if there are no issues.

View Answer

Answer: B