ISACA Exam Questions

What should the security manager do FIRST?

A project manager is developing a developer portal and requests that the security manager assign
a public IP address so that it can be accessed by in-house staff and by external consultants
outside the organization’s local area network (LAN). What should the security manager do FIRST?

A. Understand the business requirements of the developer portal

B. Perform a vulnerability assessment of the developer portal

C. Install an intrusion detection system (IDS)

D. Obtain a signed nondisclosure agreement (NDA) from the external consultants before allowing external access to the server

Explanation:

The information security manager cannot make an informed decision about the request without first understanding the business requirements of the developer portal. Performing a vulnerability assessment of the developer portal and installing an intrusion detection system (IDS) are best practices, but they come after the requirements are understood. Obtaining a signed nondisclosure agreement does not address the risks inherent in the organization’s application.