Certified Chief Information Security Officer (CCISO) — Question 134

You currently cannot provide for 24/7 coverage of your security monitoring and incident response duties and your company is resistant to the idea of adding more full-time employees to the payroll.
Which combination of solutions would help to provide the coverage needed without the addition of more dedicated staff?

Answer options

• A. Employ an assumption of breach protocol and defend only essential information resources.
• B. Deploy a SEIM solution and have your staff review incidents first thing in the morning
• C. Configure your syslog to send SMS messages to current staff when target events are triggered.
• D. Engage a managed security provider and have current staff on call for incident response

Correct answer: D

Explanation

The correct answer, D, suggests engaging a managed security provider, which allows for continuous coverage without adding to payroll. Options A and B do not provide 24/7 monitoring, and option C relies on current staff being available at specific times, which doesn't address the need for constant vigilance.