An organization was severely impacted after an advanced persistent threat (APT) attack.
Afterwards, it was found that the initial breach happened a month prior to the attack.
Management's GREATEST concern should be:
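A. Results of the past internal penetration test
B. Effectiveness of monitoring processes
C. Installation of critical security patches
D. External firewall policies

Correct answer: B.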
In this scenario, an organization has experienced a severe impact from an advanced persistent threat (APT) attack that was found to have originated a month prior to the actual attack. Management's greatest concern should be to prevent similar incidents from happening in the future.
Of the options provided, the most important concern for management in this scenario would be the effectiveness of monitoring processes (Option B). This is because, despite the breach happening a month before the actual attack, the organization failed to detect and respond to the breach in a timely manner. Effective monitoring processes would have helped to identify the breach and initiate appropriate actions to contain and mitigate the threat.
While the results of the past internal penetration test (Option A) can provide useful information, they are not the most immediate concern in this scenario. It is possible that the penetration test may have identified vulnerabilities that could have contributed to the breach, but the more pressing concern would be to ensure that the organization's monitoring processes are effective in detecting and responding to such breaches.
Similarly, while the installation of critical security patches (Option C) is important for maintaining the security of an organization's systems, it may not be the most pressing concern in this scenario. The breach may have occurred due to a vulnerability that was not yet known at the time, or because the organization failed to detect and respond to the breach in a timely manner.
External firewall policies (Option D) are important for protecting an organization's systems from external threats, but in this scenario, the threat was internal, and the breach was already established. Therefore, the primary concern should be detecting and responding to internal breaches, rather than relying solely on external firewall policies.
In summary, the organization's management should be most concerned with the effectiveness of monitoring processes to prevent similar incidents from occurring in the future.