Critical Security Control : Guest Assessment

Tip 1

Please read question carefully before answer

Tip 2

The assessment does not merely end with identifying gaps, the steps after the identification are essential. Conducting a thorough analysis by security experts can reveal valuable insight previously unknown.

Tip 3

Prioritize and take corrective and mitigating action to promptly address identified gaps and threats.

Astmt Q 1

QW

1 remaining

Deploy an automated asset inventory discovery tool and use it to build a preliminary asset inventory of systems connected to an organization’s public and private network(s). Both active tools that scan through network address ranges and passive tools that identify hosts based on analyzing their traffic should be employed.

Policy Defined

Control Implemented

Control Automated

Control Reported to Business

Astmt Q 2

QW

0 remaining

Deploy application whitelisting technology that allows systems to run software only if it is included on the whitelist and prevents execution of all other software on the system. The whitelist may be very extensive (as is available from commercial whitelist vendors), so that users are not inconvenienced when using common software. Or, for some special-purpose systems (which require only a small number of programs to achieve their needed business functionality), the whitelist may be quite narrow. When protecting systems with customized software that may be seen as difficult to whitelist, use item 8 below (isolating the custom software in a virtual operating system that does not retain infections.).

Policy Defined

Control Implemented

Control Automated

Control Reported to Business