Questão Q1635576

Atenção: A questão se refere ao seguinte texto:

Many businesses believe that if they purchase enough equipment, they can create a secure infrastructure. Firewalls, intrusion detection systems and antivirus programs are just some of the tools available to assist in protecting a network and its data. It is important to keep in mind that no product or combination of products will create a secure organization by itself. Security is a process; there is no tool that you can “set and forget”. All security products are only as secure as the people who configure and maintain them. The purchasing and implementation of security products should be only a percentage of the security budget. The employees tasked with maintaining the security devices should be provided with enough time, training, and equipment to properly support the products. Unfortunately, in many organizations security activities are less important than support activities. Highly skilled security professionals are often tasked with help-desk projects such as resetting forgotten passwords, fixing jammed printers, and setting up new employee workstations. For most organizations, the cost of creating a strong security posture is seen as a necessary evil, similar to purchasing insurance. Organizations don’t want to spend the money on it, but the risks of not making the purchase outweigh the costs. Because of this attitude, it is extremely challenging to create a secure organization. The attitude is enforced because requests for security tools are often supported by documents providing the average cost of a security incident instead of showing more concrete benefits of a strong security posture. The problem is exacerbated by the fact that IT professionals speak a different language than management. IT professionals are generally focused on technology. Management is focused on revenue. Concepts such as profitability, asset depreciation, return on investment, and total cost of ownership are the mainstays of management. These are alien concepts to most IT professionals.

Adaptado de: VACCA, John R. Computer and Information Security Handbook. Pg 5.

Assinale a alternativa correta, de acordo com as idéias expressas pelo texto:

Alternativas

Profissionais de segurança altamente qualificados são muitas vezes incumbidos de projetos de help-desk.

A maioria das organizações prefere investir no processo de criação de uma forte postura de segurança do que na aquisição de seguros.

As organizações fazem questão de gastar dinheiro com políticas de segurança, mesmo que os riscos por não fazê-lo sejam pequenos.

Criar uma organização segura é uma atitude simples, porém burocrática.

Os pedidos para aquisição de ferramentas de segurança geralmente vêm acompanhados por documentos que mostram os benefícios de uma forte postura de segurança, ao invés de fornecer o custo médio de um incidente de segurança.

Comentários

Highly skilled security professionals are often tasked with help-desk projects such as resetting forgotten passwords, fixing jammed printers, and setting up new employee workstations
a-
Highly skilled security professionals are often tasked with help-desk projects such as resetting forgotten passwords, fixing jammed printers, and setting up new employee workstations.
O próprio está ligado a procedimento e não a quórum.

SóProvas

Continue usando...

O que está incluso