Of course, "reasonable" is a matter of context. What works for a community college may not be the right approach for a bank or the Pentagon.

Now, I'm finding that being reasonable can also be beneficial in our . For example, when I wrote our several years ago, I didn't specify a particular technology. Instead, I stated that remote access to our company must employ two-factor authentication, (which I defined as a minimum of 128 bits) and the rule of least privilege, meaning a mailroom clerk shouldn't have the same type of access as a network engineer.

Trouble Ticket

At Issue: Every department is under orders to find ways to cut costs.

Action Plan: Encourage creative thinking, listen to others' ideas, and think outside the box.