An IS manager has decided to implement a security system to monitor access to the Internet and
prevent access to numerous sites. Immediately upon installation, employees Hood the IT helpdesk
with complaints of being unable to perform business functions on Internet sites. This is an example
of:
A.
conflicting security controls with organizational needs.
B.
strong protection of information resources.
C.
implementing appropriate controls to reduce risk.
D.
proving information security’s protective abilities.
Explanation:
The needs of the organization were not taken into account, so there is a conflict. This example is
not strong protection, it is poorly configured. Implementing appropriate controls to reduce risk is
not an appropriate control as it is being used. This does not prove the ability to protect, but proves
the ability to interfere with business.