A company is transitioning to a permanent hybrid work model where employees will split their time between the office and home. To adapt its operational security (OpSec) program, which of the following actions is the MOST crucial for the security team to implement?
Strengthening the physical access controls for the on-premises data center.
Decommissioning all on-premises servers in favor of a cloud-only infrastructure.
Mandating that all employees attend quarterly security briefings in person at the corporate headquarters.
Developing and enforcing policies for secure remote access, home network configuration, and use of personal devices.
The correct answer is to develop and enforce policies for secure remote access, home network configuration, and the use of personal devices. In a hybrid model, the traditional security perimeter of the office is dissolved. Employees connect from various networks and may use personal devices, creating new risks. Establishing clear policies for remote access (e.g., via VPN with MFA), guiding users on securing their home Wi-Fi, and setting rules for Bring Your Own Device (BYOD) are the most critical steps to extend operational security to the new working environment. Strengthening data center physical security is important but does not address the primary risks of a distributed workforce. Mandating in-person briefings is impractical for a hybrid model and less effective than addressing the technical security gaps. Decommissioning on-premises servers is a major architectural decision, not a direct or immediate OpSec response to a hybrid work model.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is VPN and how does it enhance security for remote access?
Open an interactive chat with Bash
Why is securing home Wi-Fi important for hybrid work models?
Open an interactive chat with Bash
What is BYOD, and how should organizations manage its risks?