A financial organization's security team has detected a significant increase in phishing attempts against its employees. In response to this threat, the team has decided to employ a mechanism that verifies the identity of email senders and checks if the emails are from trusted sources before reaching the employees. Which type of security control is the team MOST likely implementing?
The team is most likely implementing technical controls in the form of email security technologies, such as Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting, and Conformance (DMARC). These technologies help to verify sender identities and assess the trustworthiness of the emails, acting as preventive controls to stop phishing attempts before they reach the employees.