A security policy exception is leading to an unexpected increase in the number of alerts about suspicious Internet traffic on an organization's network. Which of the following is the BEST course of action?
A. Remove the rules that trigger the increased number of alerts.
B. Present a risk analysis with recommendations to senior management.
C. Update the risk register so that senior management is kept informed.
D. Evaluate and update the enterprise network security architecture.
D. Evaluating and updating the enterprise network security architecture is the best course of action because it involves a comprehensive approach to addressing the issue. By reviewing the security architecture, you can identify the root cause of the increased alerts, determine how the security policy exception is impacting the network, and make necessary adjustments to the architecture to mitigate the risk. This ensures that the organization's security posture is improved, and it aligns with best practices for managing security incidents. Additionally, after the evaluation, you can still present a risk analysis and recommendations to senior management, but it will be based on a more informed assessment of the situation.
Option B suggests conducting a risk analysis to understand why the security policy exception is causing an increase in alerts and then presenting this analysis, along with recommendations, to senior management. This approach allows the organization to make informed decisions about how to proceed, balancing security with business needs. It's important to involve senior management in the decision-making process to ensure that the organization's security posture aligns with its overall strategic goals.
If there is an exception, it means that it already got approved by senior management. It does not make sense to report the alert increase to senior management in this case. Evaluating and updating is what makes more sense to fine-tune the rule and make the exception.
It is reasonable to interpret that the policy exception has been approved. Therefore, the BEST course of action is to evaluate and update the enterprise network security architecture to address the operational challenges caused by the exception.
B. Present a risk analysis with recommendations to senior management.
If a security policy exception is leading to an unexpected increase in the number of alerts about suspicious Internet traffic on an organization's network, the best course of action would be to conduct a risk analysis to determine the potential impact of the exception on the organization and present recommendations to senior management. The risk analysis should include an assessment of the likelihood and potential impact of the increased traffic, as well as an evaluation of the existing security controls and their effectiveness in mitigating the risk. Based on the results of the analysis, recommendations can be made to senior management on how to address the issue, such as implementing additional security controls or revising the security policy.
Evaluation would involve risk-assessing the policy exception, then reporting to the committee, and then updating the security, which can mean a removal of the exception or configuring the tool appropriately.
If the network is configured in a way that causes a "security policy exception" then this really should be reviewed and updated, shouldn't it? Furthermore, why involve "...to senior management" (as it says in B) if this should be able to be taken to the steering committee?
Look at the exceptions that are causing the increase in alerts, I think.