Legal authorities notify a company that its network has been compromised for the second time in two years.
The investigation shows the attackers were able to use the same vulnerability on different systems in both attacks.
Which of the following would have allowed the security team to use historical information to protect against the second attack?
A. Key risk indicators
B. Lessons learned
C. Recovery point objectives
D. Tabletop exercises
The correct answer to this question is B. Lessons learned.
Lessons learned are a critical component of a comprehensive security program. When an organization experiences a security incident or breach, it is important to analyze the incident and identify the root cause. This analysis can be used to create a report that outlines the details of the incident, the impact it had on the organization, and the steps that were taken to mitigate the incident.
By reviewing the report from the first incident, the security team could identify the vulnerability that was exploited and take steps to remediate the vulnerability across the entire network. This would help to prevent the same vulnerability from being exploited in a future attack.
Key risk indicators (A) are metrics used to track risks over time. Recovery point objectives (C) are related to data backup and recovery, and define the point in time to which data must be restored after a disruption. Tabletop exercises (D) are simulated scenarios designed to test an organization's response to a security incident. While all of these are important components of a comprehensive security program, they are not directly related to the question asked.
In summary, the most effective way to protect against future attacks is to learn from past incidents and take steps to remediate vulnerabilities that were exploited. By doing so, organizations can significantly reduce the risk of a repeat incident.