Information Security Controls: Penetration Testing | Exam N10-007

Penetration Testing


Question

A company hires another firm to test the integrity of its information security controls.

This is an example of:

A. role separation

B. device hardening

C. risk assessment

D. penetration testing.

D.

Explanations

The correct answer is D. penetration testing.

Penetration testing is the process of simulating an attack on a network or system to identify vulnerabilities and weaknesses in information security controls. In this scenario, the company has hired another firm to conduct a penetration test to assess the effectiveness of its information security controls.

The purpose of a penetration test is to identify potential security risks and vulnerabilities that can be exploited by attackers, and to recommend measures to improve security. It is a proactive approach to security, as it allows companies to identify and address security issues before they can be exploited by attackers.

Role separation, device hardening, and risk assessment are all important aspects of information security, but they are not directly related to the scenario described in the question.

Role separation refers to the practice of separating duties and responsibilities among different individuals to prevent fraud and errors. Device hardening refers to the process of securing devices by removing unnecessary software and services, and applying security patches and updates. Risk assessment is the process of identifying and analyzing potential risks and threats to an organization's information assets.