Proactive Threat Management
Question
A small company recently developed prototype technology for a military program.
The company's security engineer is concerned about potential theft of the newly developed, proprietary information.
Which of the following should the security engineer do to BEST manage the threats proactively?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.D.
The security engineer is concerned about potential theft of newly developed proprietary information. In order to manage this threat proactively, the security engineer should consider the following options:
A. Join an information-sharing community that is relevant to the company: This option may be helpful in gaining information about the latest threats and best practices, as well as learning from the experiences of others in similar situations. However, it may not directly address the specific threat of theft of proprietary information. Therefore, this option may not be the BEST choice for managing the threat proactively.
B. Leverage the MITRE ATT&CK framework to map the TTR: The MITRE ATT&CK framework is a well-known tool for mapping and categorizing cyber threats. By using this framework, the security engineer can identify potential threats to the company's newly developed technology and map out a plan for addressing them. This option may be a good choice for managing the threat proactively, as it provides a systematic and structured approach to threat analysis.
C. Use OSINT techniques to evaluate and analyze the threats: Open-source intelligence (OSINT) techniques involve gathering and analyzing publicly available information to identify potential threats. This option may be useful for identifying external threats, such as those posed by competitors or other malicious actors. However, it may not be as effective in identifying internal threats, such as those posed by employees or contractors with access to the proprietary information. Therefore, this option may not be the BEST choice for managing the threat proactively.
D. Update security awareness training to address new threats, such as best practices for data security: Security awareness training can be an effective tool for educating employees on the importance of data security and how to prevent theft of proprietary information. However, it may not directly address the specific threat of theft of the company's newly developed technology. Therefore, while this option may be a useful component of a comprehensive security strategy, it may not be the BEST choice for managing the threat proactively.
In conclusion, the BEST option for the security engineer to manage the threat of theft of the company's newly developed proprietary information proactively is to leverage the MITRE ATT&CK framework to map the TTR. This will allow the security engineer to systematically and comprehensively identify potential threats and develop a plan for addressing them.
