admin 2013-12-19

Question: The following scenario is to be used for questions 27, 28, and 29.
Mike is the new CSO of a large pharmaceutical company. He has been asked to revamp the company’s physical security program and better align it with the company’s information security practices. Mike knows that the new physical security program should be made up of controls and processes that support the following categories: deterrent, delaying, detection, assessment, and response.
Mike’s team has decided to implement new perimeter fences and warning signs against trespassing around the company’s facility. Which of the categories listed in the scenario do these countermeasures map to?

Options: A. Deterrent
B. Delaying
C. Detection
D. Assessment

Answer: A

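Explanation: A is correct. Fences, warning signs, and security guards are all examples of countermeasures used to deter unauthorized entry. A physical security program should include controls in each of the following categories: deterrent, delaying, detection, assessment, and response.
B is incorrect because reinforced walls, rebar, locks, and the use of double walls all serve as delaying mechanisms. The basic idea is to make the bad guy spend more time getting through these controls, which gives the response force enough time to arrive at the scene and stop the attacker. Deterrent controls reduce the likelihood that a vulnerability will be exploited, while delaying controls address the case where something bad does take place: they slow the intruder's progress.
C is incorrect because detection tools are implemented not to deter malicious individuals but to detect their activity. Detection tools can be intrusion detection systems, detectors, or PIDAS fencing.
D is incorrect because assessment controls relate to how different scenarios are identified and evaluated. The most common control in this category is a security guard, because a guard can link the different pieces of a scenario together and determine what is likely to happen as the next step. It is critical to have controls that ensure incident assessment is carried out and that the processes driven by the assessment results are followed.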