Upgrading Security Posture on workplace

business

Description

Consider the following situation in the workplace: You are a paid security consultant working for

clients in a regulated industry where there are security standards required by HIPPA, GLB, SOX

and other related laws.  You have completed a risk assessment of your current client and have

made a set of best practice recommendations for changes or upgrades to their existing security

posture. After reviewing your report, the client asks you to save them money by cutting out some

of the security measures that you recommend. 


In particular, they want the network settings to be

more relaxed than your recommendations. You stress to the client that your recommendations are

based on industry recognized best security practices. Further, your analysis of the client’s

security needs show that sensitive information will be at risk if you agree to the relaxed network

settings requested. You explain this to the client, but your client's Board of Directors is adamant

that the costs associated with your recommendations exceed the costs they are willing to support

for IT security.

1. What action or inaction might be a cause for concern? 

2. Who or what may be affected? How might they be affected? 

3. What are the possible consequences? 

4. As a IT professional, what are your choices of actions?


Related Questions in business category


Disclaimer
The ready solutions purchased from Library are already used solutions. Please do not submit them directly as it may lead to plagiarism. Once paid, the solution file download link will be sent to your provided email. Please either use them for learning purpose or re-write them in your own language. In case if you haven't get the email, do let us know via chat support.