A project manager is developing a developer portal and requests that the security manager assign a public IP address so that it can be accessed by in-house staff and by external consultants outside the organization’s local area network (LAN).
What should the security manager do FIRST?
A. Understand the business requirements of the developer portal
B. Perform a vulnerability assessment of the developer portal
C. Install an intrusion detection system (IDS)
D. Obtain a signed nondisclosure agreement (NDA) from the external consultants before allowing external access to the server
Answer: A
Explanation:
The information security manager cannot make an informed decision about the request without first understanding the business requirements of the developer portal. Performing a vulnerability assessment of the developer portal and installing an intrusion detection system (IDS) are best practices but are subsequent to understanding the requirements. Obtaining a signed nondisclosure agreement will not take care of the risks inherent in the organization’s application.