What should the information security manager do NEXT to address this issue?

A recent audit has identified that security controls required by the organization’s policies have not been implemented for a particular application.

What should the information security manager do NEXT to address this issue?
A . Deny access to the application until the issue is resolved.
B . Discuss the issue with data custodians to determine the reason for the exception.
C . Report the issue to senior management and request funding to fix the issue.
D . Discuss the issue with data owners to determine the reason for the exception.

View Answer

Answer: D