Question

A Chief Information Security Officer (CISO) is reviewing technical documentation from various regional offices and notices some key differences between these groups. The CISO has not discovered any governance documentation. The CISO creates the following chart to visualize the differences among the networking used:

GROUPS SWITCHVENDOR TRUNKING MIN SUPPORT
Group A Vendor 1 802.1q Cat5E YES
Group B Vendor 1 ISL Cat5E YES
Group C Vendor 2 802.1q Cat5 NO
Group D Vendor 2 802.1q Cat5 YES

Which of the following would be the CISO's MOST immediate concern?

A. There are open standards in use on the network.
B. Network engineers have ignored defacto standards.
C. Network engineers are not following SOPs.
D. The network has competing standards in use.

Answer 1

The CISO's immediate concern is that network engineers are not following Standard Operating Procedures due to the lack of consistent technical standards and the absence of governance documentation across regional offices.

Step-by-step explanation:

The CISO's most immediate concern, given the lack of governance documentation and the differences in technical standards, would be that network engineers are not following SOPs (Standard Operating Procedures). This concern arises because varying technical documentation suggests inconsistent implementation of technology and potentially operational policies across regional offices. Without governance documentation, it can lead to security vulnerabilities, inefficiencies, and difficulty in managing the network infrastructure effectively. The inconsistency between groups, such as different trunking protocols (802.1q and ISL), may cause technical issues, but the absence of SOP adherence signifies a fundamental flaw in organizational processes that can lead to a broader set of problems.