Security Risk Evaluation for Physical Office Access - CompTIA CAS-003: Exam Question Answer

Evaluating Risks of Unauthorized Access to Physical Offices - CompTIA CAS-003: Exam Question

Question

A company has hired an external security consultant to conduct a thorough review of all aspects of corporate security.

The company is particularly concerned about unauthorized access to its physical offices resulting in network compromises.

Which of the following should the consultant recommend be performed to evaluate potential risks?

Answers

Explanations


A.

The most appropriate recommendation for the external security consultant to evaluate potential risks related to unauthorized access to the company's physical offices is D. The company should install a temporary CCTV system to detect unauthorized access to physical offices. Here is a detailed explanation of why this option is the most suitable choice:

A. The consultant should attempt to gain access to physical offices through social engineering and then attempt data exfiltration.

This option is not appropriate because it involves illegal and unethical activities that can harm the company and its employees. Social engineering is a malicious technique used to trick people into revealing sensitive information or performing actions that can compromise security. It is not a legitimate approach to assessing risks or evaluating security measures.

B. The consultant should be granted access to all physical access control systems to review logs and evaluate the likelihood of the threat.

Granting the consultant access to all physical access control systems may not be practical or necessary. It may also violate the principle of least privilege, which means granting users only the minimum privileges required to perform their tasks. Additionally, reviewing logs alone may not be sufficient to evaluate the likelihood of the threat since logs can be tampered with or incomplete.

C. The company should conduct internal audits of access logs and employee social media feeds to identify potential insider threats.

Conducting internal audits of access logs and employee social media feeds may be a reasonable approach to identifying insider threats. However, it may not be relevant to evaluating the risk of unauthorized access to physical offices. Insider threats can come from employees or contractors who have legitimate access to the company's resources, while unauthorized access typically involves external actors.

D. The company should install a temporary CCTV system to detect unauthorized access to physical offices.

Installing a temporary CCTV system is the most appropriate recommendation because it addresses the specific concern of unauthorized access to physical offices. CCTV systems can detect and record any attempts to enter restricted areas, identify individuals who may pose a threat, and provide evidence for investigations. CCTV systems can also deter potential intruders by making them aware of the monitoring. Installing a temporary CCTV system allows the consultant to evaluate the effectiveness of the physical security measures and recommend any necessary improvements.