Determining Necessity for Remedial Action in Anonymous FTP Access

Importance of Assessing Remedial Action for Anonymous FTP Access


Question

A company's mail server allows anonymous file transfer protocol (FTP) access which could be exploited.

What process should the information security manager deploy to determine the necessity for remedial action?

Answers

A. A penetration test
B. A security baseline review
C. A risk assessment
D. A business impact analysis

Correct answer: C.

Explanations

A risk assessment will identify the business impact of such a vulnerability being exploited and is, thus, the correct process.

A penetration test or a security baseline review may identify the vulnerability but not the remedy.

A business impact analysis (BIA) will more likely identify the impact of the loss of the mail server.

The best answer in this scenario would be C. A risk assessment. A risk assessment is a critical process in determining the level of risk associated with a particular system or application. The process involves identifying threats and vulnerabilities, determining the likelihood of an attack, and assessing the potential impact of an attack.

In this scenario, the company's mail server allows anonymous FTP access, which poses a potential security risk. The information security manager needs to conduct a risk assessment to determine the likelihood and impact of an attack on the company's mail server.

A penetration test (Option A) involves simulating an attack on a system or application to identify vulnerabilities. While it may be useful, a penetration test is not the best option in this scenario since it assumes an attack is already imminent, rather than assessing the likelihood of an attack.

A security baseline review (Option B) involves reviewing an organization's security controls against industry best practices or regulatory standards to identify areas that need improvement. However, it does not address the specific risks posed by anonymous FTP access.

A business impact analysis (Option D) is a process that identifies the potential impact of a disruption to an organization's operations. While it may be useful in assessing the impact of an attack, it does not address the specific risks posed by anonymous FTP access.

Therefore, the most appropriate process to determine the necessity for remedial action in this scenario is a risk assessment (Option C). The risk assessment will identify the likelihood and impact of an attack on the company's mail server, which will help the information security manager determine the appropriate remedial actions needed to mitigate the risk.