Integrating each SaaS solution with an Identity Provider (IdP) is the most effective way to address the security issue. This approach allows for Single Sign-On (SSO) capabilities, where users can access multiple SaaS applications with a single set of credentials while maintaining strong password policies across all services. It simplifies the user experience and ensures consistent security enforcement across different SaaS platforms.
References =
* CompTIA Security+ SY0-701 Course Content: Domain 05 Security Program Management and Oversight.
* CompTIA Security+ SY0-601 Study Guide: Chapter on Identity and Access Management.

When a security manager is hired from outside the organization to lead security operations, the first action should be to review the existing security policies. Understanding the current security policies provides a foundation for identifying strengths, weaknesses, and areas that require improvement, ensuring that the security program aligns with the organization's goals and regulatory requirements.
* Review security policies: Provides a comprehensive understanding of the existing security framework, helping the new manager to identify gaps and areas for enhancement.
* Establish a security baseline: Important but should be based on a thorough understanding of existing policies and practices.
* Adopt security benchmarks: Useful for setting standards, but reviewing current policies is a necessary precursor.
* Perform a user ID revalidation: Important for ensuring user access is appropriate but not the first step in understanding overall security operations.

The primary goal of corrective controls in financial systems is to ensure that errors do not propagate across interconnected systems. Financial transactions are often interdependent, meaning one incorrect or unauthorized change can affect multiple systems. Regulations often mandate these controls to maintain accuracy and prevent cascading failures.
A (insider threats altering banking details) is a concern, but this scenario focuses on corrective controls, not insider threats specifically.
C (business insurance) is unrelated to why corrective controls are implemented.
D (preventing unauthorized changes) falls under preventive, not corrective controls.
Reference:
CompTIA Security+ SY0-701 Official Study Guide, Security Program Management and Oversight domain.