Which of the following is the NEXT step that should be completed to obtain information about the software company’s security posture?

A business recently acquired a software company. The software company’s security posture is unknown. However, based on an assessment, there are limited security controls. No significant security monitoring exists.

Which of the following is the NEXT step that should be completed to obtain information about the software company’s security posture?
A . Develop an asset inventory to determine the systems within the software company
B . Review relevant network drawings, diagrams and documentation
C . Perform penetration tests against the software company’s Internal and external networks
D . Baseline the software company’s network to determine the ports and protocols in use.

View Answer

Answer: A

Explanation:

An asset inventory is a list of all the hardware, software, data, and other resources that an organization owns or uses. An asset inventory helps to identify what systems are present in an organization, where they are located, what they do, and how they are configured2 Developing an asset inventory is the next step that should be completed to obtain information about the software company’s security posture, as it provides a baseline for further analysis and assessment of the systems’ vulnerabilities and risks.

Reference: 2 What Is an Asset Inventory? | UpGuard