How to Prioritize and Operationalize Your Remediation Strategy

Right sizing is a term we use when we talk about remediation. One of the strategies to do that could be an activity-based role or policy, right? You have high risk permissions that you're not using, why leave those permanently assigned? That's what we mean by right sizing. This leads perfectly to a question that I have because you said that you'renot going to create a role for every user,. So how do you prioritize? How do you operationalize this?