Zero-Tolerance Security Policy: Addressing Email Disruption | CGEIT Exam Prep

Addressing Email Disruption

Question

An enterprise has a zero-tolerance policy regarding security.

This policy is causing a large number of email attachments to be blocked and is a disruption to the enterprise.

Which of the following should be the FIRST governance step to address this email issue?

Answers

Explanations

A. B. C. D.

B.

The first governance step to address the email issue caused by the zero-tolerance policy regarding security in the enterprise should be to "Obtain senior management input based on identified risk" (Option A).

Explanation:

Option A suggests that senior management input should be obtained based on identified risk. This is a necessary first step to address the email issue because it allows the enterprise to evaluate the risks and impacts associated with the current zero-tolerance policy.

The email issue caused by the policy could lead to several unintended consequences, such as decreased productivity, missed deadlines, and inability to conduct business effectively. By obtaining senior management input based on identified risk, the enterprise can better understand the risks associated with the email issue and evaluate the impacts of maintaining the current policy.

Option B suggests directing the development of an email usage policy. However, an email usage policy may already be in place, and it may not address the current issue caused by the zero-tolerance policy. Developing a new policy without obtaining senior management input based on identified risk could lead to further disruptions or unintended consequences.

Option C suggests recommending business sign-off on the zero-tolerance policy. However, recommending business sign-off without understanding the risks and impacts associated with the email issue is premature. The enterprise needs to understand the risks and impacts before making any recommendations to senior management.

Option D suggests introducing an exception process. However, introducing an exception process without understanding the risks and impacts associated with the email issue is not recommended. The enterprise needs to understand the risks and impacts before introducing an exception process.

In conclusion, the first governance step to address the email issue caused by the zero-tolerance policy regarding security in the enterprise should be to obtain senior management input based on identified risk. This allows the enterprise to evaluate the risks and impacts associated with the current policy and make informed decisions.