Exam CS0-002 topic 1 question 203 discussion

Vote for B. agree with @prntscrn23

is the best option

Option B is the most appropriate action because it enables the CISO to understand the potential risks associated with the deployment of the new technology, assess the impact it could have on the organization, and determine the legal implications of any breaches that may arise. This approach allows the CISO to identify the gaps between the existing security standards and the new technology, and to determine the appropriate course of action to manage any violations.

Sorry meant A

The business unit is rolling out technology that will violate the companies technology standards.... The CISO should stand his ground and enforce the policies.. thats his job. There is no reason to get legal involved.. this is a conflict within the organization itself.

The International Standards Organization, or ISO, develops standards for businesses around the world so that they may operate using a uniform set of best practices. These standards are not enforceable laws, but companies who choose to follow them stand to gain international credibility from their compliance; standards are set as guidance for best practices but are not enforceable laws, so B.

I will put my money on B and here's I interpret the scenario: Right off the bat it says "deploy a new technology in a manner that violates existing information security standards." First reaction is "No. Security standards and controls are there for a reason and we will not move forward on this proposal/plan." However in real world scenario, before C-Suite levels and Leaders and Legal (if it involves PIIs) in an organization gives a decision, they will discuss the following: 1. How this "new technology" will benefit the business (functions)? 2. What are the advantages and disadvantages of this "new technology" in terms of business side, the team that will use the technology, maintenance, support, and so on.. 3. What are the possible risks and its severity levels that it can bring to the business and how the team that will support it manage resolve it? and the list goes on. Once those things are discussed, C-Suites and the Leaders will decide if they are going to move forward and explore the new technology or not. ***Let me know your insights..

one of CISO duties is performing risk assessments so he can do some analysis and show some examples to legal

The answer is in the question itself, "violates existing information security standard", solution? enforce it.

A - There could be legal reasons as it might fall under the Statement of Work (SOW)