Which method would be the BEST to protect security information and event management (SIEM) log data at rest from tampering by authorized users?A. Access control lists (ACLs) on log data drivesB. Deployment of write once read many (WORM) drivesC. Disk encryption using hardware security modules (HSM) on log data drivesD. Implementing the principle of least privilege on log data drives

Question

contestada

Respuesta :

SerenaBochenek SerenaBochenek · Answer 1 · 2020-07-31T07:56:09+02:00

Answer:

Option B (Deployment of write once read many (WORM) drives) is the appropriate one.

Explanation:

SIEM application goods/services consolidate safety information management (SIM) with security event management (SEM) throughout the area of device protection. We include an overview including its known vulnerabilities created by users and network equipment in actual environments.
No quantity of administrative intervention will alter the substance on something like a WORM disc, even by physical disc disruption or failure. That would be the better-suggested choice.