The Chief Executive Officer (CEO) of a fast-growing company no longer knows all the employees and is concerned about the company's intellectual property being stolen by an employee. Employees are allowed to work remotely with flexible hours, creating unpredictable schedules. Roles are poorly defined due to frequent shifting needs across the company. Which of the following new initiatives by the information security team would BEST secure the company and mitigate the CEO’s concerns?
Begin simulated phishing campaigns for employees and follow up with additional security awareness training
Seed company fileshares and servers with text documents containing fake passwords and then monitor for their use
Implement DLP to monitor data transfer between employee accounts and external parties and services
Report data from a user-behavior monitoring tool and assign security analysts to review it daily
Ans:
Implement DLP to monitor data transfer between employee accounts
and external parties and services.
Explanation:
The key is to PREVENT the exfiltration of data.
The Chief Executive Officer (CEO) of a fast-growing company no longer knows all the employees and...
Risk management in Information Security today Everyday information security professionals are bombarded with marketing messages around risk and threat management, fostering an environment in which objectives seem clear: manage risk, manage threat, stop attacks, identify attackers. These objectives aren't wrong, but they are fundamentally misleading.In this session we'll examine the state of the information security industry in order to understand how the current climate fails to address the true needs of the business. We'll use those lessons as a foundation...