Exam CAS-004
Question 16

A small company recently developed prototype technology for a military program. The company's security engineer is concerned about potential theft of the newly developed, proprietary information.

Which of the following should the security engineer do to BEST manage the threats proactively?

    Correct Answer: D

    To best manage the threats proactively, the security engineer should update security awareness training to address new threats, such as best practices for data security. By ensuring that all employees understand the importance of data security and are aware of the latest threats and preventative measures, the company can proactively mitigate potential risks associated with the theft of proprietary information.

Discussion
Mr_BuCk3th34D Option: D

D makes more sense, we don't have a mapped adversary to leverage TTPs from MITRE, I mean, where should I start my threat modeling for data theft with no adversaries, groups or campaigns mapped whatsoever?

FoxTrotDG Option: D

CompTIA is not great at wording these questions. I could make an argument for both B and D. In this specific scenario, it appears that we're concerned with ONE threat specifically: theft of proprietary information (answer would be D). However, the word "threats" implies otherwise (answer could be B).

jokix69907

D is for ordinary employees.

1aab10b Option: B

Repeated question 332. Since 332 doesn't have D as an option, I would go with B.

Geofab Option: D

I believe people are the weakest link and in order to be proactive, you need to start with People.

AaronS1990

I agree. As far as CompTIA is concerned, end user training is the BEST ROI you can get.

g_ Option: D

Answer is D. Which of the following should the security engineer do to BEST manage the threats PROACTIVELY? Providing Security Awareness Training is being proactive.

OneSaint Option: D

The primary concern to me is potential compromise of "proprietary information". Security awareness training can help mitigate this concern.

nelombg Option: A

A is the answer. This is why: An information-sharing community is a group or network of organizations that share threat intelligence, best practices, and mitigation strategies related to cybersecurity. An information-sharing community can help the company proactively manage the threats of potential theft of its newly developed, proprietary information by providing timely and actionable insights, alerts, and recommendations. An information-sharing community can also enable collaboration and coordination among its members to enhance their collective defense and resilience.

talosDevbot Option: B

Answer is B for sure. MITRE ATT&CK is commonly used for cyber threat intelligence. Source: https://attack.mitre.org/resources/training/cti/

nelombg

Dead link.

fb2fcb1 Option: B

B. Leverage the MITRE ATT&CK framework to map the TTP. In this scenario, the security engineer should leverage the MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework to map the Tactics, Techniques, and Procedures (TTP) that potential adversaries might use to steal the proprietary information. The MITRE ATT&CK framework provides a comprehensive and structured knowledge base of known adversary behaviors, allowing security professionals to proactively identify and understand potential threats. While joining an information-sharing community (A) can provide valuable insights and collaboration opportunities, it may not directly address the specific concern of theft of proprietary information. OSINT techniques (C) can provide additional intelligence on potential threats, but the MITRE ATT&CK framework is more tailored to understanding adversary behaviors. Updating security awareness training (D) is generally important, but it may not be as proactive or targeted in managing the specific threat of theft of proprietary information.

margomi86 Option: A

A. Join an information-sharing community that is relevant to the company. By joining an information-sharing community, the security engineer can stay up-to-date on any new threats or attacks targeting the military program, as well as receive information on best practices and mitigation strategies. This will allow the company to proactively manage and address any potential threats to its proprietary information. Option B, C, and D are also important steps, but they are reactive measures and not as proactive as joining an information-sharing community.

buck Option: B

B. Do not forget that this was a prototype. It is still in the assessment stages of development. The MITRE ATT&CK Framework is a curated knowledge base that tracks cyber adversary tactics and techniques used by threat actors across the entire attack lifecycle. The framework is meant to be more than a collection of data: it is intended to be used as a tool to strengthen an organization's security posture.

AGUDLP Option: B

to avoid IP theft

cyspec Option: A

The question did not state that the information was leaked.

holymolly Option: D

D is the option.

Delab202 Option: B

To BEST manage the threats proactively in the context of potential theft of proprietary information, the security engineer should consider: B. Leverage the MITRE ATT&CK framework to map the TTP (Tactics, Techniques, and Procedures). Explanation: MITRE ATT&CK Framework: The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework is a comprehensive knowledge base that provides information about the tactics, techniques, and procedures employed by adversaries. By leveraging this framework, the security engineer can proactively identify and understand potential threats, tactics used by adversaries, and the techniques employed to achieve their goals.

jokix69907 Option: A

D is only for a non-security person, aka an ordinary employee.

Anarckii Option: B

After carefully reviewing this poorly worded question, you would want the engineer to review the TTPs from the MITRE ATT&CK Framework because he can update the security awareness program to reference the TTPs. If he just UPDATES the program, what is he going to technically update? Answer D doesn't define it, which is why I believe it's not correct.