When installing controls, you have to understand what is the protection objective. Don’t just apply textbook knowledge for the sake of having controls. Understand the business environment and the consequence to determine the optimal controls.

Sometimes, controls are really unnecessary because the consequence is acceptable by common sense.

If you put the wrong focus, the protection doesn’t make any sense and wasting valuable resources. Don’t just insist for policy compliance because policy could be written incorrectly. Apply your professonal judgment as we are hired to do so. If not, you are neither competent for the job nor having common sense.

Leave a Reply