The board of a financial services company has requested that the senior security analyst acts as a cybersecurity advisor in order to comply with recent federal legislation.
The analyst is required to give a report on current cybersecurity and threat trends in the financial services industry at the next board meeting.
Which of the following would be the BEST methods to prepare this report? (Choose two.)
Click on the arrows to vote for the correct answer
A. B. C. D. E.AD.
Option A: Review the CVE database for critical exploits over the past year CVE stands for Common Vulnerabilities and Exposures, which is a list of publicly disclosed cybersecurity vulnerabilities and exposures. Reviewing the CVE database for critical exploits over the past year can provide information on the most severe vulnerabilities that have been discovered and exploited by threat actors. This information can be useful in identifying areas of weakness in the company's cybersecurity posture and prioritizing security measures.
Option B: Use social media to contact industry analysts Using social media to contact industry analysts can provide insight into the latest trends and threats in the financial services industry. Industry analysts typically have access to a wealth of information and can provide valuable insights into the current state of cybersecurity in the industry. However, it is important to ensure that the information obtained is from reputable sources.
Option C: Use intelligence gathered from the Internet relay chat channels Internet Relay Chat (IRC) is a protocol for real-time internet chat that has been used for decades. However, relying on intelligence gathered from IRC channels is not recommended as it may not be reliable or trustworthy. Threat actors can easily manipulate the information shared on these channels to mislead others. Therefore, this option is not recommended.
Option D: Request information from security vendors and government agencies Requesting information from security vendors and government agencies can provide valuable insights into the latest cybersecurity trends and threats. These organizations often have access to a wealth of information and intelligence that can help identify potential threats and vulnerabilities. However, it is important to ensure that the information obtained is from reputable sources.
Option E: Perform a penetration test of the competitor's network and share the results with the board. Performing a penetration test of the competitor's network is not recommended as it may be illegal and unethical. Penetration testing is typically conducted with the consent of the target organization and under strict ethical guidelines. Therefore, this option is not recommended.
In conclusion, the best methods to prepare the report on current cybersecurity and threat trends in the financial services industry are reviewing the CVE database for critical exploits over the past year and requesting information from security vendors and government agencies. These options are reliable, ethical, and provide valuable insights into the latest cybersecurity trends and threats.