17.2k views
4 votes
A Chief Information Security Officer (CISO) is reviewing and revising system configuration and hardening guides that were developed internally and have been used for several years to secure the organization's systems. The CISO knows improvements can be made to the guides.

Which of the following would be the BEST source of reference during the revision process?

A. CVE database
B. Internal security assessment reports
C. Industry-accepted standards
D. External vulnerability scan reports
E. Vendor-specific implementation guides

by User Kika (7.8k points)

1 Answer

5 votes

Final answer:

C. Industry-accepted standards

The best source of reference during the revision process for the Chief Information Security Officer (CISO) would be industry-accepted standards, such as NIST or ISO guidelines.

Step-by-step explanation:

The best source of reference during the revision process for the Chief Information Security Officer (CISO) would be industry-accepted standards, option C. These standards are developed and maintained by reputable organizations such as the National Institute of Standards and Technology (NIST) or the International Organization for Standardization (ISO).

They provide comprehensive guidelines and best practices for system configuration and hardening.

While the other options may also provide valuable information, such as the CVE database for tracking known vulnerabilities, internal security assessment reports for identifying weaknesses within the organization, and external vulnerability scan reports for identifying potential vulnerabilities from outside sources, these sources may not always be as comprehensive or up to date as industry-accepted standards.

Vendor-specific implementation guides, option E, may be useful for specific configurations or products, but relying solely on these guides may not provide a holistic approach to system security.

by User Luuk Paulussen (7.3k points)