A new internal network segmentation solution will be implemented into the enterprise that consists
of 200 internal firewalls. As part of running a pilot exercise, it was determined that it takes three
changes to deploy a new application onto the network before it is operational. Security now has a
significant affect on overall availability. Which of the following would be the FIRST process to
perform as a result of these findings?
A.
Lower the SLA to a more tolerable level and perform a risk assessment to see if the solution
could be met by another solution. Reuse the firewall infrastructure on other projects.
B.
Perform a cost benefit analysis and implement the solution as it stands as long as the risks are
understood by the business owners around the availability issues. Decrease the current SLA
expectations to match the new solution.
C.
Engage internal auditors to perform a review of the project to determine why and how the
project did not meet the security requirements. As part of the review ask them to review the control
effectiveness.
D.
Review to determine if control effectiveness is in line with the complexity of the solution.
Determine if the requirements can be met with a simpler solution.