What should the security manager do FIRST?

Posted by: Pdfprep Category: CISM

A project manager is developing a developer portal and requests that the security manager assign a public IP address so that it can be accessed by in-house staff and by external consultants outside the organization’s local area network (LAN).

What should the security manager do FIRST?
A. Understand the business requirements of the developer portal
B. Perform a vulnerability assessment of the developer portal
C. Install an intrusion detection system (IDS)
D. Obtain a signed nondisclosure agreement (NDA) from the external consultants before allowing external access to the server

Answer: A

Explanation:

The information security manager cannot make an informed decision about the request without first understanding the business requirements of the developer portal. Performing a vulnerability assessment of the developer portal and installing an intrusion detection system (IDS) are best practices, but they come after understanding the requirements. Obtaining a signed nondisclosure agreement will not take care of the risks inherent in the organization’s application.
