2 votes
A newly hired Chief Information Security Officer (CISO) wants to understand how the organization's CIRT handles issues brought to their attention, but needs to be very cautious about impacting any systems.

The MOST appropriate method to use would be:

A. an internal vulnerability assessment.
B. a red-team threat-hunt exercise.
C. a white-box penetration test.
D. a guided tabletop exercise.

by User Wloleo (8.7k points)

1 Answer

1 vote

Final answer:

A guided tabletop exercise is the most appropriate method for a newly hired CISO to understand how the organization's CIRT handles issues without impacting systems.

Step-by-step explanation:

The MOST appropriate method for a newly hired Chief Information Security Officer (CISO) to understand how the organization's CIRT handles issues without impacting systems would be a guided tabletop exercise. In a guided tabletop exercise, participants simulate a cybersecurity incident in a controlled environment. This allows the CISO to observe how the CIRT responds to the issue, identifies vulnerabilities, and mitigates potential impacts, all without affecting real systems. It helps test the organization's incident response plan and provides an opportunity for the CISO to gather insights and make improvements as necessary. This method is less intrusive compared to options like an internal vulnerability assessment, a red-team threat-hunt exercise, or a white-box penetration test, which involve actively scanning or testing systems for vulnerabilities.

by User Ndemir (6.9k points)