A business has combined operations with another organization, bringing new staff, resources, and networks together. The security department wants to minimize infiltration risks while ensuring daily activities can proceed. Which action best addresses these factors?
Designate incoming systems to a single person who manages access without broader evaluations
Have newly combined teams sign staff agreements and skip further vulnerability checks
Conduct a multi-step security gap assessment with data flow reviews to understand new infiltration channels
Shut down operational services whenever a newly integrated system goes live
A phased assessment that includes data flow reviews and threat modeling helps reveal unknown infiltration points introduced by unifying networks, systems, or staff. It addresses possible seams in the environment while allowing the group to maintain normal functions. Shutting down major systems interrupts business and may miss potential blind spots. Relying on staff agreements alone does not detect or mitigate infiltration issues. Assigning one champion per acquired system lacks a full-spectrum analysis of how these systems interact with the rest of the environment.