Which of the following is an information security manager's MOST important action to mitigate the risk associated with malicious software?
To mitigate the risk associated with malicious software, an information security manager's most important action is to implement a multi-layered security program. This comprehensive approach combines various security measures and controls to create multiple layers of defense, significantly reducing the risk of successful malware attacks. By addressing multiple potential points of failure and attack vectors, the effectiveness of the overall security posture is enhanced, providing a more robust protection against malicious software.
B? multi-layered security program is generally considered the most effective approach...
agree with you
Not only that, but the infosec manager's job is not to touch, but to advise, shape and influence.
B- Defence in depth to put it another way
Option B
Among the options provided, the MOST important action for an information security manager to mitigate the risk associated with malicious software is B. Implementing a multi-layered security program. A multi-layered security program combines various security measures and controls to create a comprehensive defense against malicious software. It involves implementing multiple layers of protection at different points in the IT infrastructure and user environment, significantly reducing the risk of successful malware attacks.
The most likely answer is B. According to ncsc.gov.uk "Since there's no way to completely protect your organization against malware infection, you should adopt a 'defense-in-depth' approach. This means using layers of defense with several mitigations at each layer." This could include disabling of peripheral access ports and keeping OS and antivirus software up-to-date among other methods.
C Ensuring antivirus has the latest definition files
B. Implementing a multi-layered security program
D may not be the correct answer as the risk is related to malware.
Defense-in-depth/multi-layered security program is the most effective approach.