Which of the following is the BEST indication that an information security control is no longer relevant?
Which of the following is the BEST indication that an information security control is no longer relevant?
The best indication that an information security control is no longer relevant is that it does not support a specific business function. Information security controls are implemented to protect business processes and functions. If a control no longer aligns with or supports the business objectives, it has lost its relevance. While cost efficiency, management support, and technology obsolescence are factors to consider, the primary purpose of any control is to protect and enable business functions.
B. The control doesn't support Business functions
B. The control does not support a specific business function.
Not D: technology could stil be used (e.g. old PC in control room etc)
Agree with B.
also agree with B. Not all controls are related to technology
No longer relevant, which means it was relevant before