CAS-003 · Question #397
A security analyst has been asked to create a list of external IT security concerns, which are applicable to the organization. The intent is to show the different types of external actors, their attac
The correct answer is D. Conduct a threat modeling exercise.. Threat modeling is a threat intelligence process that identifies and assesses the possible attack vectors that target systems. These models can encompass general security in an organization or they can apply to specific systems that are the target of an attack. In addition, some
Question
A security analyst has been asked to create a list of external IT security concerns, which are applicable to the organization. The intent is to show the different types of external actors, their attack vectors, and the types of vulnerabilities that would cause business impact. The Chief Information Security Officer (CISO) will then present this list to the board to request funding for controls in areas that have insufficient coverage. Which of the following exercise types should the analyst perform?
Options
- ASummarize the most recently disclosed vulnerabilities.
- BResearch industry best practices and latest RFCs.
- CUndertake an external vulnerability scan and penetration test.
- DConduct a threat modeling exercise.
How the community answered
(30 responses)- A10% (3)
- B7% (2)
- C3% (1)
- D80% (24)
Explanation
Threat modeling is a threat intelligence process that identifies and assesses the possible attack vectors that target systems. These models can encompass general security in an organization or they can apply to specific systems that are the target of an attack. In addition, some threat models are attacker-focused rather than asset-focused. Either way, a threat model will assist you in evaluating the risks involved in a potential attack, as well as the best course to take to mitigate
Topics
Community Discussion
No community discussion yet for this question.