Risk Associated with Implementing Controls According to Industry Best Practices | CISA Exam Question

Greatest Risk of Mitigating Controls According to Industry Best Practices


Question

An information security manager has identified and implemented mitigating controls according to industry best practices.

Which of the following is the GREATEST risk associated with this approach?

Answers


D.

The greatest risk associated with identifying and implementing mitigating controls according to industry best practices is that the security program may not be aligned with organizational objectives.

Explanation:

A. Important security controls may be missed without senior management input: Although senior management input is valuable in identifying security controls, it is not the greatest risk associated with implementing mitigating controls.

B. The cost of control implementation may be too high: While the cost of control implementation is a valid concern, it is not the greatest risk.

C. The mitigation measures may not be updated in a timely manner: Timely updates are crucial to maintaining the effectiveness of controls, but this is not the greatest risk.

D. The security program may not be aligned with organizational objectives: The greatest risk associated with identifying and implementing mitigating controls according to industry best practices is that the security program may not be aligned with organizational objectives. Organizations have unique objectives and risks that may require controls beyond those recommended by industry best practices. Therefore, blindly implementing controls without considering the organization's goals can result in an ineffective security program that does not meet the needs of the organization.

In summary, implementing mitigating controls according to industry best practices without aligning them with organizational objectives poses the greatest risk, as the security program may not adequately address the organization's unique risks and requirements.