A recent audit has identified that security controls by the organization’s policies have not been implemented for a particular application.
What should the information security manager do NEXT to address this issue?
A . Discuss the issue with the data owners to determine the reason for the exception
B . Discuss the issue with data custodians to determine the reason for the exception
C . Report the issue to senior management and request funding to fix the issue
D . Deny access to the application until the issue is resolved
Answer: A