The original post: /r/cybersecurity by /u/throwaway198713652 on 2024-11-11 09:13:08.

We have the backing (and funding) of our execs to secure our business. It’s a large business so the investment is not insignificant.

However, our top team are constantly asking for policies to be flexed for them, exclusions to be given etc. It’s usually for stuff that doesn’t feel business related, but maybe it is.

So how much flex do you all give? Personally, my preference would be zero flex as we’ve implemented these controls for a reason. But equally, I like being employed!