Controls are necessary to reduce likelihood of risks.  But excessive controls shall have adverse effects:

  • Degrade productivity
  • Push back from user
  • Circumvent control

Risk assessment is required to design optimal and effective controls.  Change (behavior) management and user awareness need to be well established too.  Essentially,

  • Why is the control required
  • What is this meant in daily works (WIIFM for the user)
  • What is the consequence of violation (both organization and the offender)

Leave a Reply