Company A is trying to implement controls to reduce costs and time spent on litigation.
To accomplish this, Company A has established several goals:
– Prevent data breaches from lost/stolen assets
– Reduce time to fulfill e-discovery requests
– Prevent PII from leaving the network
– Lessen the network perimeter attack surface
– Reduce internal fraud
Which of the following solutions accomplishes the MOST of these goals?
A . Implement separation of duties; enable full encryption on USB devices and cell phones, allow cell phones to remotely connect to e-mail and network VPN, enforce a 90 day data retention policy.
B . Eliminate VPN access from remote devices. Restrict junior administrators to read-only shell access on network devices. Install virus scanning and SPAM filtering. Harden all servers with trusted OS extensions.
C . Create a change control process with stakeholder review board, implement separation of duties and mandatory vacation, create regular SAN snapshots, enable GPS tracking on all cell phones and laptops, and fully encrypt all email in transport.
D . Implement outgoing mail sanitation and incoming SPAM filtering. Allow VPN for mobile devices; cross train managers in multiple disciplines, ensure all corporate USB drives are provided by Company A and de-duplicate all server storage.
Answer: A
Leave a Reply