A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.
Which of the following should be the analyst's FIRST action?
When performing a vulnerability assessment, the first action for a security analyst should be to create a full inventory of information and data assets. This is essential because understanding what assets exist is the foundation for identifying and assessing vulnerabilities and risks. Without a complete inventory, it would be challenging to determine the impact of potential attacks or to ensure that all critical assets are covered in the assessment.
You need to know what you got first.
Need to know your assets first in order to move forward.
You might, and probably would, do a vulnerability assessment with multiple security compliance standards in mind, but to do it you first need an inventory.
NIST Step 1: Prioritize and Scope.
CIS Control 1: Hardware and Software Inventory. You can't defend or protect when you don't know what you have. Source: Verifying each answer against ChatGPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence.)
I would say C is the answer because in order to know which assets are important you have to know what framework/guidelines the company has to follow. For example, the risks of a financial org may be different from those of a hospital.
Retracting. The answer is A.