Free Preparation Discussions
MENU
GIAC Exam GCED Topic 5 Question 3 Discussion
Topic #: 5
A legacy server on the network was breached through an OS vulnerability with no patch available. The server is used only rarely by employees across several business units. The theft of information from the server goes unnoticed until the company is notified by a third party that sensitive information has been posted on the Internet. Which control was the first to fail?
The legacy system was not properly classified or assigned an owner. It is critical that an organization identifies and classifies information so proper controls and measures should be put in place. The ultimate goal of data classification is to make sure that all information is properly protected at the correct level.
This was not a failure of incident response, access control or security awareness training.
Currently there are no comments in this discussion, be the first to comment!