The Chief Information Security Officer (CISO) regularly receives reports of a single department
repeatedly violating the corporate security policy. The head of the department in question informs
the CISO that the offending behaviors are a result of necessary business activities. The CISO
assigns a junior security administrator to solve the issue. Which of the following is the BEST
course of action for the junior security administrator to take?
A. Work with the department head to find an acceptable way to change the business needs so the department no longer violates the corporate security policy.
B. Draft an RFP for the purchase of a COTS product or consulting services to solve the problem through implementation of technical controls.
C. Work with the CISO and department head to create an SLA specifying the response times of the IT security department when incidents are reported.
D. Draft an MOU for the department head and CISO to approve, documenting the limits of the necessary behavior, and actions to be taken by both teams.