An organization is in the process of acquiring a competitor.
The information security manager has been asked to report on the security posture of the target acquisition.
Which of the following should be the security manager's FIRST course of action?
Click on the arrows to vote for the correct answer
A. B. C. D.A.
When an organization is in the process of acquiring a competitor, it is essential to evaluate the target acquisition's security posture to ensure the protection of both companies' data and systems. Therefore, the information security manager's first course of action should be to perform a gap analysis (Option C).
A gap analysis is a process of evaluating the current state of an organization's security controls and identifying the gaps or deficiencies that exist between the current state and the desired state. In this case, the information security manager should conduct a gap analysis of the target acquisition's security posture to identify any security gaps that may exist.
Once the security gaps have been identified, the information security manager can then quantify the potential risk (Option B) and perform a vulnerability assessment (Option D) to determine the likelihood and impact of a security breach. These activities should be performed in conjunction with the gap analysis to provide a more comprehensive understanding of the target acquisition's security posture.
Finally, implementing a security dashboard (Option A) can be helpful in providing ongoing visibility into an organization's security posture. However, this activity should only be considered after the gap analysis, risk quantification, and vulnerability assessment have been completed to ensure that the security dashboard provides accurate and actionable information.
In conclusion, the information security manager's first course of action should be to perform a gap analysis of the target acquisition's security posture to identify any security gaps that may exist.