If your organization operates under a model of "assumption of breach", you should:
If your organization operates under a model of "assumption of breach", you should:
If your organization operates under a model of 'assumption of breach', it means that you recognize that breaches are inevitable. In this case, the best approach is to focus your security efforts on high-value assets. This ensures that the most critical and sensitive information or resources are protected, thereby minimizing the potential damage and impact of a breach. Establishing firewall protocols and protecting all assets equally could spread resources too thin, while purchasing insurance does not contribute directly to preventing breaches or mitigating their immediate impacts.
Focus your security efforts on high value assets
Answer is C.
Answer is C. Focus your security efforts on high value assets
B is correct, I checked on two other websites
It is about assumption that we have already a breach, at this point we need to remediate the risk of Regulatory or compliance fines and paneities. Hence Answer B is correct.
If there is a breach, the organization will prioritize the security efforts on high value assets. It is too late to have insurance and you may not have enough resource to put on all assets as well.
We should be thinking quantitatively, we know that there is or will be a breach. Insurance is a must for us. However, we do not know which assets. Correct one is B
the "assumption of a breach" require an insurance for the compliance liability
i honestly would pick none of the answers. Focus on most critical assets can't be the right answer, that would leave other assets vulnerable. Transferring risk to an insurance company? that might compensate some costs, but will NOT protect your company getting hit by a severe attack...and fines in case of regulations. My thoughts here are to harden the incident response process, implement a stronger process and tech, implement network segreration and strong IAM to limit the damage and potential lateral movement. Thats the theority everyone gets a victim of an attack..the difference is the severity and capability to stop bleeding..
The "assumption of breach" model operates on the premise that breaches are inevitable. Therefore, it's crucial to prioritize and focus security efforts on protecting high-value assets, as these are the most critical and potentially damaging if compromised. This approach helps in allocating resources efficiently to areas that matter the most, ensuring that the organization's most valuable and sensitive information is adequately protected.