You take on the role of Security Officer for a mid$-$sized NHS hospital which has been the target of several successful cyberattacks. You discover that staff have access to information assets using Discretionary Access Control. All staff use internal file and printer sharing as part of their roles.

Which of the following actions should be your top priority?

Question $1$ Answer

a$.$

Updating the security policy.

b$.$

Implementing an alternative access control approach.

c$.$

Conducting a risk assessment.

d$.$

Training staff on recognising social engineering.

e$.$

Filtering unused network ports.

Question $2$

Answer saved

Marked out of $2\mathrm{.}00$

Flag question

Question text

What should normally follow the completion of a risk assessment?

Question $2$ Answer

a$.$

Filter unused network ports.

b$.$

Shut down unnecessary services and administrator accounts.

c$.$

Update formal model.

d$.$

Update security policies.

e$.$

Implement staff training on social engineering.