Which of the following would be appropnate for the security analyst to coordinate?

As part of the senior leadership team’s ongoing nsk management activities the Chief Information Security Officer has tasked a security analyst with coordinating the right training and testing methodology to respond to new business initiatives or significant changes to existing ones The management team wants to examine a new business process that would use existing infrastructure to process and store sensitive data .

Which of the following would be appropnate for the security analyst to coordinate?
A . A black-box penetration testing engagement
B. A tabletop exercise
C. Threat modeling
D. A business impact analysis

View Answer

Answer: C

Explanation:

Threat modeling is a process that helps identify and analyze the potential threats and vulnerabilities of a system or process. It can help evaluate the security risks and mitigation strategies of a new business process that would use existing infrastructure to process and store sensitive data. A black-box penetration testing engagement, a tabletop exercise, or a business impact analysis are other methods that can be used to assess the security or resilience of a system or process, but they are not as appropriate as threat modeling for coordinating the right training and testing methodology to respond to new business initiatives or significant changes to existing ones.

Reference: https://owasp.org/www-community/Application_Threat_Modeling