Where do you draw the line between too much security in an organization and not enough? Give and explain scenarios on both sides. Solution The line is drawn exactly in between excessive security and not enough security. 1)To much security: excessive threats causes when we give extra privilages and high authorites to cutomers and administrators high and complex security architecture It is incumbent on the information security professional to consider and prioritise the business requirements. The risk assessment and risk management process shouldn’t restrict the business from achieving its objectives. having more excwssive security makes things complicated 2)To less security: weak and easily penetrable security system weak foundational architecture .