Each part of the technology infrastructure should be assessed for its risk profile. From that assessment, a determination should be made to effectively and efficiently allocate the organization’s time and money toward achieving the most appropriate and best employed overall security policies. Do you agree or disagree