312-50V10 · Question #633
Bob is acknowledged as a hacker of repute and is popular among visitors of "underground" sites. Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their
The correct answer is A. Educate everyone with books, articles and training on risk analysis, vulnerabilities and. The most effective strategy to bridge the knowledge gap between attackers and security professionals is broad security education through books, articles, and training on vulnerabilities and risk analysis.
Question
Bob is acknowledged as a hacker of repute and is popular among visitors of "underground" sites. Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their interest in learning from him. However, this knowledge has a risk associated with it, as it can be used for malevolent attacks as well. In this context, what would be the most affective method to bridge the knowledge gap between the "black" hats or crackers and the "white" hats or computer security professionals? (Choose the test answer)
Options
- AEducate everyone with books, articles and training on risk analysis, vulnerabilities and
- BHire more computer security monitoring personnel to monitor computer systems and networks.
- CMake obtaining either a computer security certification or accreditation easier to achieve so more
- DTrain more National Guard and reservist in the art of computer security to help out in times of
How the community answered
(36 responses)- A94% (34)
- B3% (1)
- C3% (1)
Why each option
The most effective strategy to bridge the knowledge gap between attackers and security professionals is broad security education through books, articles, and training on vulnerabilities and risk analysis.
Widespread education on risk analysis, vulnerabilities, and security techniques equips the defender community with the same depth of knowledge that attackers already possess, enabling more capable and proactive defense. This approach scales across the entire industry and addresses the root cause of the knowledge disparity rather than treating symptoms.
Hiring more monitoring personnel increases detection capacity but does not transfer technical knowledge or reduce the fundamental skill gap between attackers and defenders.
Lowering the bar for certifications reduces the quality standard of the credential and does not ensure professionals gain the deep technical knowledge needed to counter skilled attackers.
Training National Guard and reservists provides a limited, specialized workforce increase but does not address the broader knowledge gap across the civilian and commercial security community.
Concept tested: Security education strategy for bridging attacker-defender knowledge gap
Source: https://csrc.nist.gov/publications/detail/sp/800-50/final
Topics
Community Discussion
No community discussion yet for this question.