Where do you draw the line between too much security in an organization and not enough? Give and explain scenarios on both side Solution The first action of a management program to implement information security is to have a security program in place. Though some argue the first act would be to gain some real \"proof of concept\" and \"explainable thru display on the monitor screen\" security knowledge. Start with maybe understanding where OS passwords are stored within the code inside a file within a directory. If you don\'t understand Operating Systems at the root directory level maybe you should seek out advice from somebody who does before even beginning to implement security program management and objectives. Too much security has a drw back ofnot giving access to any softwares or any kind of information that we want to access immediatelty that leads to loss of work, where for example if an employee want to access some information inorder to do his work then due to high security he cannot able to access, it mean he cannot finish his work on time. Without having any security also there will be a big problem where malware and virus will attack the system and there is high chances of hacking and loss of information can also been done. .