A small company's Chief Executive Officer (CEO) has asked its Chief Security Officer (CSO) to improve the company's security posture quickly with regard to targeted attacks.
Which of the following should the CSO conduct FIRST?
Click on the arrows to vote for the correct answer
A. B. C. D.A.
The CSO's first step should be to conduct an internal audit against industry best practices to perform a qualitative analysis (Option C).
Option A, surveying threat feeds from services inside the same industry, may provide valuable information, but it does not guarantee the company's security posture will improve. Additionally, threat feeds are only one aspect of security, and the CEO's request was to improve the company's overall security posture.
Option B, purchasing multiple threat feeds to ensure diversity and implementing blocks for malicious traffic, may also provide valuable information, but it does not guarantee the company's security posture will improve. Additionally, purchasing threat feeds can be costly, and implementing blocks for malicious traffic may result in false positives, blocking legitimate traffic.
Option D, deploying a UTM (Unified Threat Management) solution that receives frequent updates from a trusted industry vendor, may be a good step in improving security, but it is not the first step the CSO should take. Before deploying a UTM solution, the CSO needs to understand the company's current security posture and identify any gaps or weaknesses.
Therefore, conducting an internal audit against industry best practices to perform a qualitative analysis is the first step the CSO should take. This will provide a comprehensive understanding of the company's current security posture and help identify areas that need improvement. Once the audit is complete, the CSO can prioritize actions and implement solutions to improve the company's security posture.