An organization’s security policy can be interpreted in a few ways. A strict security policy interpretation means that no security controls exist unless they are directed by the policy. A less strict interpretation allows IT security to exercise some discretion to implement best practices that may not be explicitly defined in the security policy.
Answer the following question(s):
In your opinion, does strict security policy interpretation provide better security than a less strict interpretation? Why or why not?