Sara, a company’s security officer, often receives reports of unauthorized personnel having access codes to the cipher locks of secure areas in the building. Sara should immediately implement which of the following?

A. Acceptable Use Policy
B. Physical security controls
C. Technical controls
D. Security awareness training
Surely B. If you are aware that your security measures have been compromised, you need to first deal with that. Then you can address the cause of the breach. Incident before problem.
I wanna say that since Sara is already a security officer, there is already a Physical security control.
Dumb question either way.
If we just keep assuming this or that is in place already then any answer could be right. My opinion is that since Sara receives reports of unauthorized personnel having access codes to the cipher locks of secure areas in the building, it should be obvious that people are trained to look out for this or on the awareness and maybe now Physical security controls should be added immediately and then more Security awareness training.
Although I guess they might not be trained to stop the re-occurrence and therefore need more Security awareness training.
My opinion is this is a crappy question. If the cipher locks are compromised, I would post some type of guard, or change the combos. What good is training going to do?
The thing is, she is getting reports… You can go change the locks all day and it will still happen again. You have to put out training on it first then implement physical security. Think Security+ not common sense logic.
Cipher locks are, at the end of the day, a form of “B-Physical security controls”.
The only way to open the locks is with a big sledge hammer or by having the code to said lock.
The problem here is that “unauthorized personnel” have the codes for the locks.
These “unauthorized personnel” either have a great crystal ball which allows them to guess what the codes are, or some “authorized personnel” are giving the codes to the “unauthorized personnel”. It is clearly the latter.
So it is a matter of training the “authorized personnel” not to give the codes to the “unauthorized personnel”.
Hence, to my mind, the answer is indeed: “D: Security awareness training”
Security awareness and training include explaining policies, procedures, and current threats to both users and management.
A security awareness and training program can do much to assist in your efforts to improve and maintain security.
A good security awareness training program for the entire organization should cover the following areas:
* Importance of security;
* Responsibilities of people in the organization;
* Policies and procedures;
* Usage policies;
* Account and password selection criteria;
* Social engineering prevention.