question 1:Despite operating a patch management program, your company has been e

question 1:Despite operating a patch management program, your company has been exposed to several attacks over the last few months. You have drafted a policy to require a lessons-learned incident report be created to review the historical attacks and to make this analysis a requirement following future attacks. Respond to the following question:
1. How can this type of control be classified?
Your company is interested in implementing routine backups of all customer databases. This will help uphold availability because you will be able to restore the backed-up copy quickly and easily, and it will help uphold integrity in case someone tampers with the database. Respond to the following question:
2. What controls can you implement to round out your risk mitigation strategy and uphold the components of the CIA triad?
Additionally, discuss what work experiences you had or are involved in that use in which patch management programs to help with vulnerabilities on your network. Have you had experience with not being able to access important information for work or personal use because access was denied? How did you resolve the issue so you could access the data?
Question 2:
our chief information security officer (CISO) wants to develop a new collection and analysis platform that will enable the security team to extract actionable data from its assets. The CISO would like your input regarding which data sources to draw from as part of the new collection platform, worrying that collecting from too many sources—or not enough—could impede the company’s ability to analyze information. Research the following questions to answer the CISO’s concerns:
Is this a valid concern, and how can it be addressed within an intelligence life-cycle model?
What characteristics should be used to evaluate threat data and intelligence sources?
What are the phases of the intelligence cycle?