A Chief Security Officer's (CSO's) key priorities are to improve preparation, response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks.
Which of the following would BEST meet the CSO's objectives?
A. Use email-filtering software and centralized account management, patch high-risk systems, and restrict administration privileges on fileshares.
B. Purchase cyber insurance from a reputable provider to reduce expenses during an incident.
C. Invest in end-user awareness training to change the long-term culture and behavior of staff and executives, reducing the organization's susceptibility to phishing attacks.
D. Implement application whitelisting and centralized event-log management, and perform regular testing and validation of full backups.
D.
The Chief Security Officer's (CSO) key priorities are to improve the organization's preparation, response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks. To achieve these objectives, the CSO must implement a combination of preventive and detective controls, awareness training, and incident response procedures.
Option A proposes several preventive controls such as email filtering, centralized account management, and patching high-risk systems, and also restricts administration privileges on fileshares. These controls can help prevent ransomware attacks from happening in the first place or at least limit their impact. While this is a good start, it may not be enough to meet the CSO's objectives.
Option B, purchasing cyber insurance, is a detective control that can help the organization mitigate financial losses during an incident. Cyber insurance typically covers the cost of ransom payments, legal fees, and other incident response costs. However, it does not address the root cause of the problem, which is the susceptibility of the organization's systems to ransomware attacks.
Option C proposes investing in end-user awareness training to change the long-term culture and behavior of staff and executives, reducing the organization's susceptibility to phishing attacks. While this is a valuable control, it may not directly address the CSO's objectives, which are to minimize system downtime and enhance organizational resilience to ransomware attacks.
Option D proposes a combination of preventive and detective controls such as implementing application whitelisting, centralized event-log management, and performing regular testing and validation of full backups. Application whitelisting can prevent unauthorized applications, including ransomware, from executing on the system. Centralized event-log management can help detect suspicious activity that could indicate a ransomware attack. Regular testing and validation of full backups can ensure that the organization can quickly recover from a ransomware attack without paying a ransom. Therefore, Option D is the best choice to meet the CSO's objectives.
In conclusion, Option D is the best choice to meet the CSO's objectives because it proposes a combination of preventive and detective controls that directly address the root cause of the problem and ensure that the organization can quickly recover from a ransomware attack.