An information security manager was informed that a planned penetration test could potentially disrupt some services. Which of the following should be the FIRST course of action?
A. Estimate the impact and inform the business owner.
B. Accept the risk and document it in the risk register.
C. Ensure the service owner is available during the penetration test.
D. Reschedule the activity during an approved maintenance window.
D would be the most logical, since it says "approved", meaning there was some escalation and authorization process involving the stakeholders before the window was chosen to minimize disruption.
I assume a planned pen test is fully approved; that's why it's called "planned". If the question said "planning", maybe I would think D is the best option. Since it has been planned, I assume what we can do is estimate the impact and make a risk-based decision, according to the estimated impact, with the business owner.
C. Ensure the service owner is available during the penetration test.
Before proceeding with a planned penetration test that could potentially disrupt some services, it is crucial to have the service owner or relevant stakeholders involved and available during the test. This ensures that they are aware of the potential disruptions, can provide real-time support or troubleshooting if issues arise, and can make informed decisions about any necessary actions during the test.
If it's a "planned penetration test", I'm assuming it's already approved; therefore you should estimate the impact as the security manager and inform the business owner.
Doing it during a maintenance window means that there's less impact to users, and if anything goes wrong, the change can always be rolled back with very minimal impact.
The first course of action should be to reschedule the penetration test during an approved maintenance window to minimize the risk of disrupting services. This option provides a balance between security testing and service continuity. Option A may be necessary after the decision to reschedule has been made, as it will allow the impact of the rescheduling to be estimated and communicated to the business owner. Option B is not appropriate in this situation because it does not address the issue of potentially disrupting services. Option C is also not the best course of action, as having the service owner available does not necessarily prevent disruption of services during the penetration test. D is the right answer.
Read the question over; the answer is A. The pen test is already PLANNED, meaning they approved the pen test, so why would they reschedule it! They have to measure what it looks like while users are active, so they can know when something suspicious is going down on their network (measuring the business impact).
Second, the business owner is in the best position to assess the potential impact on critical services and make informed decisions based on the organization's priorities and risk appetite.
Yes, planned, but the new information came later; therefore a new decision is needed. If disruption is expected, business operations should take priority, and therefore rescheduling to a maintenance window should be right. Just my assessment.