Question

Which of the following is a correct statement about the balance among prevention, detection, and response (PDR)? The greater the sensitivity and quantity of the data at issue, the more carefully the balance among these three must be evaluated. Organizations have no discretion in deciding their levels of security practice. If detection and response measures are in place, it is not necessary to have measures devoted to prevention. If preventive measures are in place, it is not necessary to have measures focused on detection and response.

Answer 1

The correct answer is letter "A": The greater the sensitivity and quantity of the data at issue, the more carefully the balance among these three must be evaluated.

Step-by-step explanation:

The Information Security Process aims to provide entities a tool to anticipate risks, face threats and mitigate attacks. This process includes three steps:

• Prevention: security policies, awareness, controls, and processes are created and linked.
• Detection: threats are spotted using Intrusion Detection Systems (IDS).
• Response: actions to be taken to eliminate the threat or mitigate its impact if deleting is not possible.

Firms must find ways to set up their PDR processes in a way that the three of them have the same strength. Companies storing sensitive customers' information must weigh the importance of the three steps in a way that they decrease the possibilities of an intrusion.