GIAC Security Leadership Certification (GSLC) — Question 26

Which security control is primarily concerned with reducing the cyber risk introduced by employees and other insiders within the organization?

Answer options

• A. Incident handling
• B. Vulnerability scanning
• C. Threat intelligence
• D. Configuration management
• E. Security awareness

Correct answer: C

Explanation

The correct answer is C, Threat intelligence, as it involves gathering and analyzing information to understand and mitigate risks from insiders. The other options, while important in security, do not specifically target the risks posed by employees; Incident handling deals with response to incidents, Vulnerability scanning identifies weaknesses, Configuration management relates to system settings, and Security awareness focuses on educating users.