You are a security analyst for your company. The company has recently started a new software development project. The new project includes a distributed computing environment as recommended by the lead architect. The project's security architect expresses concerns about system integrity if a commercial cloud environment is used. It is at this point that you join the project team. You discover that the security risks of the proposed solution are not being given any attention because of the poor communication within the team. A network administrator on the project has a security background and is concerned about the project's overall success. What is the BEST course of action you should take?

A. Develop an alternative architecture proposal that does not leverage cloud computing, and present it to the lead architect.
B. Document mitigations to the security concerns, and facilitate a meeting of the project team.
C. Edit the current proposal so that it addresses the security concerns through the network design and security controls.
D. Implement mitigations to the security concerns, and facilitate a meeting of the project team.


B
Explanation: You should document mitigations to the security concerns and facilitate a meeting of the project team. This will give the team an opportunity to address all the security concerns in person.
Developing an alternative proposal would be time-consuming and may not be necessary in this situation. The key in this scenario is getting the team to recognize and address the security issues.
Editing the current proposal without the project team's input is not a good solution. Obtaining the project team's buy-in and opinion is very important for project success.
Implementing the mitigations and facilitating a meeting is not a good solution because the mitigations are implemented without the input of the project team.

Computer Science & Information Technology

You might also like to view...

Concatenating with strings is done with:

a) reserved words.
b) method calls.
c) operator overloading.
d) operator overloading and method calls.

Computer Science & Information Technology

Which statement is false?

a. Linked lists are collections of data items "lined up in a row"-- insertions and deletions can be made anywhere in a linked list.
b. Insertions and deletions are made only at one end of a stack, its top.
c. Insertions and deletions are made only at one end of a queue, its tail.
d. Binary trees facilitate high-speed searching and sorting of data.

Computer Science & Information Technology

Which of the following statements are true?

a. ComboBox inherits from ComboBoxBase.
b. ComboBox inherits from ButtonBase.
c. ComboBox inherits from Labelled.
d. ComboBox inherits from Control.
e. ComboBox inherits from Node.

Computer Science & Information Technology

You read a PDF document with _____ software:

A. Adobe Dreamweaver
B. Microsoft Paint
C. Adobe Reader
D. Microsoft Format

Computer Science & Information Technology