Which of the following tasks would provide a newly appointed information security manager with the BEST view of the organization's existing security posture?
BEST view of the organization's existing security posture is provide by the risk assessment. But don't forget that your FIRST step is to talk to the current management and then perform the Risk assessment. Correct answer is C.
C. Performing a risk assessment would provide a newly appointed information security manager with the best view of the organization's existing security posture. This is because a risk assessment is a comprehensive process for identifying, assessing, and prioritizing the risks facing an organization, and determining the appropriate controls and countermeasures to mitigate those risks. A risk assessment will provide the information security manager with a clear understanding of the organization's vulnerabilities and threats, as well as the existing controls in place to mitigate those risks, which is an important step in identifying areas where the security posture can be improved.
How you are going to do risk assessment without knowing org assets, I think that you first need to interview the business managers to understand the business then go with risk assessment
The question ask for what will give the "BEST" view and not the FIRST task or for that matter in what order. The Best VIEW of security posture will be provided from Risk Assessment either its done first, second or last.
Stop listening to chatgpt blindly guys. You can not perform a risk assessment without even knowing what you'll be assessing. It's common sense people. Interview managers and employees will give you an accurate picture of the company's security posture after which you can perform a risk assessment based on the information you've gathered.
C. Performing a risk assessment
Performing a risk assessment would provide a newly appointed information security manager with the BEST view of the organization's existing security posture. A risk assessment involves identifying and evaluating potential risks and vulnerabilities within the organization's systems, processes, and assets. This process provides insight into the current state of security, helps prioritize security measures, and informs the development of a comprehensive security strategy. It often includes reviewing policies and procedures, but it goes beyond that by assessing the actual risks and vulnerabilities in the organization's environment. Interviewing business managers and employees can also be part of the risk assessment process to gather additional information and insights.
I disagree. Not everyone would know the entire security posture. If you want the most accurate view you should do a risk assessment. Then, you can get a see the current security state. I think the answer should be C
upvoted 3 times
...
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
CarlPTY07
Highly Voted 1 year, 8 months agoBroesweelies
Highly Voted 1 year, 9 months agodevilend
1 year, 4 months agojustx
Most Recent 2 months, 3 weeks agoRunAmok113
6 months, 3 weeks agoSalilgen
8 months, 2 weeks agoAlexJacobson
9 months, 4 weeks agoSoleandheel
12 months agooluchecpoint
1 year, 2 months agoGoseu
1 year, 4 months agorichck102
1 year, 4 months agoaokisan
1 year, 11 months agokortcl
1 year, 6 months ago