Jeyapaul is the IT security manager at a large financial institution. Recently, there have been several deviations from the established security baselines within the organization. His team has identified several potential causes and is now tasked with determining the MOST effective course of action to address the deviations. Which of the following options is the MOST effective course of action for addressing deviations from security baselines within the organization?