CISM Certified Information Security Manager – Question 1386

An organization has been experiencing a number of network-based security attacks that all appear to originate internally. The BEST course of action is to:

A. require the use of strong passwords.
B. assign static IP addresses.
C. implement centralized logging software.
D. install an intrusion detection system (IDS).

Correct Answer: D

Explanation:

Installing an intrusion detection system (IDS) will allow the information security manager to better pinpoint the source of the attack so that countermeasures may then be taken. An IDS is not limited to detection of attacks originating externally. Proper placement of agents on the internal network can be effectively used to detect an internally based attack. Requiring the use of strong passwords will not be sufficiently effective against a network-based attack. Assigning IP addresses would not be effective since these can be spoofed. Implementing centralized logging software will not necessarily provide information on the source of the attack.