The MOST effective approach to address issues that arise between IT management, business units and security management when implementing a new security strategy is for the information security manager to:
Click on the arrows to vote for the correct answer
A. B. C. D.D.
Senior management is in the best position to arbitrate since they will look at the overall needs of the business in reaching a decision.
The authority may be delegated to others by senior management after their review of the issues and security recommendations.
Units should not be asked to accept the risk without first receiving input from senior management.
The effective approach to address issues that arise between IT management, business units and security management when implementing a new security strategy is to refer the issues to senior management along with any security recommendations (Option D).
Here's why:
A. Escalating issues to an external third party for resolution may not always be the best approach. It may not address the underlying issues and can also result in a loss of control over the situation. It is important for the information security manager to maintain ownership and control of the situation.
B. Ensuring that senior management provides authority for security to address the issues may help in some cases, but it is not always a practical solution. Senior management may not always be available or may not have the necessary expertise to understand the issues and make the right decisions.
C. Insisting that managers or units not in agreement with the security solution accept the risk is not an effective approach. This approach does not address the underlying issues and can result in resentment and lack of cooperation between teams.
D. Referring the issues to senior management along with any security recommendations is the most effective approach. This approach ensures that senior management is aware of the issues and can make informed decisions based on the recommendations provided. This approach also helps in maintaining ownership and control of the situation.
In conclusion, when issues arise between IT management, business units, and security management during the implementation of a new security strategy, the information security manager should refer the issues to senior management along with any security recommendations (Option D).