When application-level security controlled by business process owners is found to be poorly
managed, which of the following could BEST improve current practices?
A. Centralizing security management
B. Implementing sanctions for noncompliance
C. Policy enforcement by IT management
D. Periodic compliance reviews
Explanation:
By centralizing security management, the organization can ensure that security standards are
applied to all systems equally and in line with established policy. Sanctions for noncompliance
would not be the best way to correct poor management practices caused by work overloads or
insufficient knowledge of security practices. Enforcement of policies is not solely the responsibility
of IT management. Periodic compliance reviews would not, by themselves, correct the problems,
although reports to management would trigger corrective action such as centralizing security
management.