What should the information security manager do FISRT when end users express that new security controls are too restrictive?

What should the information security manager do FISRT when end users express that new security controls are too restrictive?

December 19, 2021 by Admin

What should the information security manager do FISRT when end users express that new security controls are too restrictive?

Perform a risk assessment on modifying the control environment.
Perform a cost-benefit analysis on modifying the control environment.
Conduct a business impact analysis (BIA).
Obtain process owner buy-in to remove the controls.

Leave a Reply Cancel reply

×