Shared Assessments Third Party Risk Management CTPRP Question # 28 Topic 3 Discussion
CTPRP Exam Topic 3 Question 28 Discussion:
Question #: 28
Topic #: 3
When conducting an assessment of a third party's physical security controls, which of the following represents the innermost layer in a ‘Defense in Depth’ model?
In the ‘Defense in Depth’ security model, the innermost layer typically focuses on protecting the most sensitive and critical assets, which are often categorized as 'Private internal'. This layer includes security controls and measures that are designed to safeguard the core, confidential aspects of an organization's infrastructure and data. It encompasses controls such as access controls, encryption, and monitoring of sensitive systems and data to prevent unauthorized access and ensure data integrity and confidentiality. The 'Private internal' layer is crucial for maintaining the security of critical information and systems that are essential to the organization's operations and could have the most significant impact if compromised. Implementing robust security measures at this layer is vital for mitigating risks associated with physical access to critical infrastructure and sensitive information.
References:
Security frameworks and standards, including NIST SP 800-53 (Security and Privacy Controls for Federal Information Systems and Organizations) and the SANS Institute's guidelines on implementing 'Defense in Depth', provide detailed recommendations on securing the innermost layers of an organization's information systems.
Publications such as "Physical Security Principles" by ASIS International offer insights into best practices for securing the private internal layer, including access control systems, surveillance, and intrusion detection mechanisms.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit