December 19, 2021 by Admin
What should the information security manager do FISRT when end users express that new security controls are too restrictive?
- Perform a risk assessment on modifying the control environment.
- Perform a cost-benefit analysis on modifying the control environment.
- Conduct a business impact analysis (BIA).
- Obtain process owner buy-in to remove the controls.