Network Policy

Correct Answer: Establish a Centralized Policy Management

In matters of network security policy, consistency is key. The best way to ensure this consistency is through the establishment of a Centralized Policy Management. This means that all policies are managed, updated and implemented from one central point, ensuring a uniform application across the organization. This approach reduces the chances of inconsistencies or conflicts in policies, improving overall network security. On the contrary, allowing individual departments to manage their own policies could potentially increase inconsistencies. Although performing regular audits and enforcing stricter firewall rules are important aspects of network security, they do not address the particular issue of policy inconsistency.

Correct Answer: Implement Role-Based Access Control

The best policy to mitigate the risk of insider attacks in this case would be to 'Implement Role-Based Access Control'. Role-Based Access Control effectively limits the access to sensitive data to only those individuals who require it to perform their job duties, therefore reducing the number of potential sources of an insider attack. While 'Perform regular security risk assessment', 'Increase the frequency of network monitoring' and 'Disable Wi-Fi and switch to wired connections' can strengthen the overall security posture, they do not specifically target the risk of insider threats like Role-Based Access Control does. Regular security assessments may identify potential vulnerabilities, but not necessarily prevent unauthorized access by insiders. Frequent network monitoring can help identify unauthorized access once it has occurred, but may not prevent it. Disabling Wi-Fi and switching to wired connections can reduce the risk of external attacks, but would have little impact on insider threats.

Correct Answer: Implement regular security training and awareness programs

The most effective measure against phishing attacks is to implement regular security training and awareness programs. Phishing attacks are often successful due to a lack of awareness or vigilance on the part of employees. Therefore, regular training to increase awareness can drastically reduce the success rate of these types of attacks. Although deploying secure email gateways, decreasing the frequency of password updates, and enforcing stricter firewall rules can all provide added layers of security, these measures do not directly target the root cause of phishing attacks, which is usually human error.