You are working for a high tech blue-chip company in which research and development data is highly protected. All wired network access ports are disabled by default except those controlled for production or work purpose by 802.1X. The current Acceptable Usage Policy (AUP) states that any form of intranet wireless access is prohibited without exception. In a product engineering meeting, the vice president of R&D is requesting confined wireless access in the meeting room for convenience and efficiency. As a security professional, which of the following is the best way to deal with this situation?
A. Just note it down and file a case
B. Apply 802.1X to wireless access with WPA2 and use VPN connection
C. Implement a faraday cage and white noise to confine radiation in the meeting room
D. Revise the Acceptable Usage Policy (AUP)
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is A. Just note it down and file a case?
We implement solutions to problems or needs to create or change something to deliver values. A solution should be evaluated before and managed during and after its implementation.
As a security professional, you have to identify, analyze, and evaluate risks before handling them. You also have to manage the change when implementing the solution.
Options B, C, and D are solutions or risk handling actions; before that, the risk assessment must have been done and the risk handling actions must be evaluated and approved.
So, “Just note it down and file a case” for further evaluation is appropriate in this case.