To maintain oversight of a third-party service provider, the company is going to implement a
Governance, Risk, and Compliance (GRC) system. The system promises to provide overall security posture
coverage. Which of the following is the MOST important activity that should be considered?
A. Continuous security monitoring
B. Baseline configuration and host hardening
C. Service Level Agreement (SLA) monitoring
D. Security alerting and trending
Explanation:
The company is investing in a Governance, Risk, and Compliance (GRC) system to provide overall security
posture coverage. This is great for testing the security posture. However, for the system to be effective and
to ensure the company always has a good security posture, you need to monitor security continuously.
Once a baseline security configuration is documented, it is critical to monitor it to see that this baseline is
maintained or exceeded. A popular phrase among personal trainers is “that which gets measured gets
improved.” Well, in network security, “that which gets monitored gets secure.”
Continuous monitoring means exactly that: ongoing monitoring. This may involve regular measurements of
network traffic levels, routine evaluations for regulatory compliance, and checks of network security device
configurations.