What can organizations do when using “best practices” settings cause something to break? This article discusses your options.
By Carol Woodbury
Of course, implementing what is recommended as a “best practice” is what you should strive to do. However, I’ve found that there are instances when implementing a best practice setting in its most literal sense will cause issues. What should you do? Ignore that aspect of security and move on? No. You’ll want to find an alternative solution that meets the spirit of the best practice recommendation but fulfills it differently. In the security and audit world, that’s called a “compensating control.” Let’s look at some examples.