What should the information security manager do FISRT when end users express that new security controls are too restrictive?
A. Perform a risk assessment on modifying the control environment.
B. Perform a cost-benefit analysis on modifying the control environment.
C. Conduct a business impact analysis (BIA).
D. Obtain process owner buy-in to remove the controls.
A. Perform a risk assessment on modifying the control environment.
B. Perform a cost-benefit analysis on modifying the control environment.
C. Conduct a business impact analysis (BIA).
D. Obtain process owner buy-in to remove the controls.