Consider the following situation in the workplace: You are a paid security consultant working for
clients in a regulated industry where there are security standards required by HIPAA, GLB, SOX
and other related laws. You have completed a risk assessment of your current client and have
made a set of best practice recommendations for changes or upgrades to their existing security
posture. After reviewing your report, the client asks you to save them money by cutting out some
of the security measures that you recommend.
In particular, they want the network settings to be
more relaxed than your recommendations. You stress to the client that your recommendations are
based on industry-recognized best security practices. Further, your analysis of the client’s
security needs shows that sensitive information will be at risk if you agree to the relaxed network
settings requested. You explain this to the client, but your client's Board of Directors is adamant
that the costs associated with your recommendations exceed the costs they are willing to support
for IT security.
1. What action or inaction might be a cause for concern?
2. Who or what may be affected? How might they be affected?
3. What are the possible consequences?
4. As an IT professional, what are your choices of actions?