Memberships

CISSP Study Group

1.8k members • Free

9 contributions to CISSP Study Group
CISSP Practice Question (Domain 1: Security and Risk Management)
Senior leadership wants to launch a new customer analytics platform that processes regulated personal data. The CISO identifies control gaps that exceed the organization’s stated risk appetite, but executives are pushing for speed to market. What is the MOST appropriate action for the CISO to take NEXT?
A. Document the risk and accept it to support business objectives
B. Implement compensating controls within the security team
C. Escalate the risk to senior management for formal risk acceptance
D. Delay the project until all identified risks are fully mitigated
Come back for the answer tomorrow! Study more now at CISSP.app
0 likes • 2h
C
CISSP Practice Question (Domain 1: Security & Risk Management / Risk Acceptance)
A business unit requests an exception to bypass multifactor authentication for a legacy system that cannot support it without a costly upgrade. The system processes sensitive but non-regulated data, and no active exploits are known. What should the security manager do FIRST?
A. Deny the request and mandate immediate MFA implementation
B. Perform a risk assessment and formally document risk acceptance
C. Approve the exception indefinitely due to technical limitations
D. Compensate by increasing network monitoring without documentation
0 likes • 2d
B
CISSP Practice Question (Domain 7: Security Operations / Evidence Handling & Logging)
After a suspected insider incident, system logs from multiple servers show inconsistent timestamps and missing entries. Legal counsel advises that the organization may face litigation. Operations wants logs centralized immediately to restore visibility. What should the security manager do FIRST?
A. Centralize all logs immediately to improve operational monitoring
B. Preserve existing logs and establish forensic chain of custody
C. Reconfigure time synchronization across all affected systems
D. Notify law enforcement and external counsel of potential evidence gaps
1 like • 2d
B
CISSP Practice Question (Domain 8: Software Development Security / CI-CD Pipeline Controls)
An organization integrates automated security testing into its CI/CD pipeline. Shortly after deployment, build times increase significantly, and developers begin bypassing security checks to meet release deadlines. Senior management is concerned about both security and delivery velocity. What should the security lead do FIRST?
A. Disable automated security testing to restore build speed
B. Tune and prioritize security tests based on risk and criticality
C. Enforce strict policy violations and discipline developers
D. Move security testing entirely to post-deployment monitoring
1 like • 7d
B
CISSP Practice Question (Domain 2: Asset Security / Data Lifecycle & Retention)
An organization migrating legacy file shares to a cloud collaboration platform discovers that several datasets contain regulated records with no documented retention periods or data owners. The business wants immediate migration to meet a project deadline. What should the security manager do FIRST?
A. Migrate the data and address ownership and retention after cutover
B. Identify data owners and define retention requirements before migration
C. Apply default retention policies to all datasets to avoid delay
D. Escalate the issue to legal and halt the migration indefinitely
1 like • 9d
B
Anthony Knapkin
@anthony-knapkin-1197
Cyber Security & Network Admin Lead specialising in secure server builds, radio systems, and practical, resilient network design.

Active 2h ago
Joined Dec 6, 2025