OGEA-103 Question #95: Real Exam Question with Answer & Explanation

Please read this scenario prior to answering the question Your role is that of a senior architect, reporting to the Chief Enterprise Architect, at a medium- sized company with 400 employees. The nature of the business is such that the data and the information stored on the company systems is their major asset and is highly confidential. The company employees travel extensively for work and must communicate over public infrastructure using message encryption, VPNs, and other standard safeguards. The company has invested in cybersecurity awareness training for all its staff. However, it is recognized that even with good education as well as system security, there is a dependency on third-parly suppliers of infrastructure and software. The company uses the TOGAF standard as the method and guiding framework for its Enterprise Architecture (EA) practice. The CTO is the sponsor of the activity. The Chief Security Officer (CSO) has noted an increase in ransomware (malicious software used in ransom demands) attacks on companies with a similar profile. The CSO recognizes that no matter how much is spent on education, and support, it is likely just a matter of time before the company suffers a significant attack that could completely lock them out of their information assets. A risk assessment has been done and the company has sought cyber insurance that includes ransomware coverage. The quotation for this insurance is hugely expensive. The CTO has recently read a survey that stated that one in four organizations paying ransoms were still unable to recover their data, while nearly as many were able to recover the data without paying a ransom. The CTO has concluded that taking out cyber insurance in case they need to pay a ransom is not an option. Refer to the scenario You have been asked to describe the steps you would take to improve the resilience of the current architecture? Based on the TOGAF standard which of the following is the best answer?