which of the following type of calculations is needed?

A well-known retailer has experienced a massive credit card breach. The retailer had gone through an audit and had been presented with a potential problem on
their network. Vendors were authenticating directly to the retailer’s AD servers, and an improper firewall rule allowed pivoting from the AD server to the DMZ where
credit card servers were kept. The firewall rule was needed for an internal application that was developed, which presents risk. The retailer determined that
because the vendors were required to have site to site VPN’s no other security action was taken.
To prove to the retailer the monetary value of this risk, which of the following type of calculations is needed?

A well-known retailer has experienced a massive credit card breach. The retailer had gone through an audit and had been presented with a potential problem on
their network. Vendors were authenticating directly to the retailer’s AD servers, and an improper firewall rule allowed pivoting from the AD server to the DMZ where
credit card servers were kept. The firewall rule was needed for an internal application that was developed, which presents risk. The retailer determined that
because the vendors were required to have site to site VPN’s no other security action was taken.
To prove to the retailer the monetary value of this risk, which of the following type of calculations is needed?

A.
Residual Risk calculation

B.
A cost/benefit analysis

C.
Quantitative Risk Analysis

D.
Qualitative Risk Analysis



Leave a Reply 0

Your email address will not be published. Required fields are marked *