As a consultant, what is one of the first pieces of data that Tonya might request to validate security controls?

A robust asset inventory is crucial for validating security controls because it provides a comprehensive list of all hardware, software, and data assets within an organization. Understanding what assets exist is fundamental for evaluating the security posture of a network. This allows Tonya to identify what needs to be protected and assess whether appropriate security measures have been implemented.

For example, knowing the inventory helps in determining if all assets have corresponding security controls, such as firewalls, anti-virus software, and access controls. Additionally, it can help identify any unauthorized or vulnerable assets that may pose security risks. An accurate asset inventory informs risk assessments and prioritizes security efforts effectively.

While the other options provide valuable information—such as the incident response plan detailing procedures for handling security incidents, the network topology diagram illustrating network structure, and compliance audits assessing adherence to regulations—they do not directly relate to the foundational understanding of what assets exist for validating the specific security controls in place.