How can an organization reduce vulnerabilities in their environment?

A.
Minimize the attack surface and maximize the work factor

B.
Maximize the attack surface and minimize the work factor
C. Minimize both the attack surface and work factor

D.
Maximize both the attack surface and work factor

Explanation:
Vulnerabilities
The paths that provide access to information are vulnerable to potential attacks. Each of the paths
may contain various access points, which provide different levels of access to the storage
resources. It is important to implement adequate security controls at all the access points on an
access path. Implementing security controls at each access point of every access path is known
as defense in depth. Defense in depth recommends using multiple security measures to reduce
the risk of security threats if one component of the protection is compromised. It is also known as
a “layered approach to security”. Because there are multiple measures for security at different
levels and defense in depth gives additional time to detect and respond to an attack. This can
reduce the scope or impact of a security breach.
Attack surface, attack vector, and work factor are the three factors to consider when assessing the
extent to which an environment is vulnerable to security threats. Attack surface refers to the
various entry points that an attacker can use to launch an attack. Each component of a storage
network is a source of potential vulnerability. An attacker can use all the external interfaces
supported by that component, such as the hardware and the management interfaces, to execute
various attacks. These interfaces form the attack surface for the attacker. Even unused network
services, if enabled, can become a part of the attack surface.
An attack vector is a step or a series of steps necessary to complete an attack. For example, an
attacker might exploit a bug in the management interface to execute a snoop attack whereby the
attacker can modify the configuration of the storage device to allow the traffic to be accessed from
one more host. This redirected traffic can be used to snoop the data in transit. Work factor refers
to the amount of time and effort required to exploit an attack vector. For example, if attackers
attempt to retrieve sensitive information, they consider the time and effort that would be required
for executing an attack on a database. This may include determining privileged accounts,
determining the database schema, and writing SQL queries. Instead, based on the work factor,
they may consider a less effort-intensive way to exploit the storage array by attaching to it directly
and reading from the raw disk blocks.
EMC E10-001 Student Resource Guide. Module 14: Securing the Storage Infrastructure