Business units within an organization are resistant to proposed changes to the information security program.
Which of the following is the BEST way to address this issue?
A. B. C. D.B.
The BEST way to address the issue of business units within an organization being resistant to proposed changes to the information security program is by including business unit representation on the security steering committee (Option C).
Explanation: Option A, implementing additional security awareness training, might be helpful to some extent, but it may not address the underlying concerns or reasons for the resistance. Employees may already be aware of the security protocols, and additional training may not change their minds.
Option B, communicating critical risk assessment results to business unit managers, may be a useful way to raise awareness about the risks that the organization is facing. However, it may not necessarily result in acceptance of the proposed changes.
Option D, publishing updated information security policies, may be a necessary step in updating the security program, but it may not be sufficient to address the resistance of the business units.
Option C, including business unit representation on the security steering committee, is the BEST way to address the issue. By including the business units in the decision-making process, they will have the opportunity to provide feedback, express concerns, and help to shape the security program. This approach will promote ownership and buy-in from the business units and reduce the likelihood of resistance to proposed changes.
In summary, including business unit representation on the security steering committee is the best way to address the resistance of business units to proposed changes in the information security program.