CompTIA CySA+ (CS0-002) — Question 248

A financial institution's business unit plans to deploy a new technology in a manner that violates existing information security standards. Which of the following actions should the Chief Information Security Officer (CISO) take to manage any type of violation?

Answer options

• A. Enforce the existing security standards and controls.
• B. Perform a risk analysis and qualify the risk with legal.
• C. Perform research and propose a better technology.
• D. Enforce the standard permits.

Correct answer: B

Explanation

The correct answer is B because performing a risk analysis allows the CISO to understand the potential impacts of the violation and involve the legal team to ensure compliance. Answer A is incorrect as simply enforcing existing standards does not address the violation; C is not relevant since proposing a better technology does not resolve the breach of standards; D is also incorrect because enforcing standard permits does not address the violation of security protocols.