Which of the following is the BEST indication that an information security control is no longer relevant?
Which of the following is the BEST indication that an information security control is no longer relevant?
The best indication that an information security control is no longer relevant is that it does not support a specific business function. Information security controls are implemented to protect business processes and functions. If a control no longer aligns with or supports the business objectives, it has lost its relevance. While cost efficiency, management support, and technology obsolescence are factors to consider, the primary purpose of any control is to protect and enable business functions.
B. The control doesn't support Business functions
Agree with B.
also agree with B. Not all controls are related to technology
B. The control does not support a specific business function.
No longer relevant, which means it was relevant before