At this point, you have a pretty clear understanding that although PVSS has a desire to do things in sound and secure fashion, it is not able to consolidate efforts and focus its attention in appropriate places.
Part of the IT organization thinks that locking down the workstations is critical at this point, while a different group thinks that securing the network and servers should be considered a top priority.
- Explain why you feel that having both teams continuously discussing and working separately would not be the ideal solution.
- What is your understanding of risk assessment?
- How do you think a risk assessment might be able to resolve this conflict?
- What is your understanding of risk assessment?