A company is transitioning to a permanent hybrid work model where employees will split their time between the office and home. To adapt its operational security (OpSec) program, which of the following actions is the MOST crucial for the security team to implement?
Strengthening the physical access controls for the on-premises data center.
Decommissioning all on-premises servers in favor of a cloud-only infrastructure.
Developing and enforcing policies for secure remote access, home network configuration, and use of personal devices.
Mandating that all employees attend quarterly security briefings in person at the corporate headquarters.
The correct answer is to develop and enforce policies for secure remote access, home network configuration, and the use of personal devices. In a hybrid model, the traditional security perimeter of the office is dissolved. Employees connect from various networks and may use personal devices, creating new risks. Establishing clear policies for remote access (e.g., via VPN with MFA), guiding users on securing their home Wi-Fi, and setting rules for Bring Your Own Device (BYOD) are the most critical steps to extend operational security to the new working environment. Strengthening data center physical security is important but does not address the primary risks of a distributed workforce. Mandating in-person briefings is impractical for a hybrid model and less effective than addressing the technical security gaps. Decommissioning on-premises servers is a major architectural decision, not a direct or immediate OpSec response to a hybrid work model.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are some unique risks associated with hybrid/remote work environments?
Open an interactive chat with Bash
What specific procedures should be included in an operational security program for remote work?
Open an interactive chat with Bash
How can organizations ensure secure online communications in remote work settings?