Security Control Middle Ground Approach Paper

A business requirement for a proper ratio of security to cost might require that there be a middle ground. This condition exists somewhere between the all-or-nothing proposition of a current security control structure and a company’s obligation to maintain a well-balanced and financially feasible operational security response.


  1. Can there be a middle ground for some, all or none of the security controls? Why?
  2. Are there real world examples of this approach and where has it succeeded or failed?

Make sure to cite examples as well as document references in APA format. Thanks,