Which security control does NOT prevent information security incidents from recurring?

Scenario 3: Socket Inc is a telecommunications company offering mainly wireless products and services. It uses MongoDB. a document model database that offers high availability, scalability, and flexibility.

Last month, Socket Inc. reported an information security incident. A group of hackers compromised its MongoDB database, because the database administrators did not change its default settings, leaving it without a password and publicly accessible.

Fortunately. Socket Inc. performed regular information backups in their MongoDB database, so no information was lost during the incident. In addition, a syslog server allowed Socket Inc. to centralize all logs in one server. The company found out that no persistent backdoor was placed and that the attack was not initiated from an employee inside the company by reviewing the event logs that record user faults and exceptions.

To prevent similar incidents in the future, Socket Inc. decided to use an access control system that grants access to authorized personnel only. The company also implemented a control in order to define and implement rules for the effective use of cryptography, including cryptographic key management, to protect the database from unauthorized access The implementation was based on all relevant agreements, legislation, and regulations, and the information classification scheme. To improve security and reduce the administrative efforts, network segregation using VPNs was proposed.

Lastly, Socket Inc. implemented a new system to maintain, collect, and analyze information related to information security threats, and integrate information security into project management.

Based on the scenario above, answer the following question:

Which security control does NOT prevent information security incidents from recurring?
A . Segregation of networks
B . Privileged access rights
C . Information backup

Answer: C

Explanation:

Information backup is a corrective control that aims to restore the information in case of data loss, corruption, or deletion. It does not prevent information security incidents from recurring, but rather mitigates their impact. The other options are preventive controls that reduce the likelihood of information security incidents by limiting the access to authorized personnel, segregating the networks, and using cryptography. These controls can help Socket Inc. avoid future attacks on its MongoDB database by addressing the vulnerabilities that were exploited by the hackers.

Reference:

ISO 27001:2022 Annex A 8.13 C Information Backup1

ISO 27001:2022 Annex A 8.1 C Access Control Policy2

ISO 27001:2022 Annex A 8.2 C User Access Management3

ISO 27001:2022 Annex A 8.3 C User Responsibilities4

ISO 27001:2022 Annex A 8.4 C System and Application Access Control

ISO 27001:2022 Annex A 8.5 C Cryptography

ISO 27001:2022 Annex A 8.6 C Network Security Management

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments