A security consultant discovers a critical vulnerability in a client's system during an assessment. After notifying the client, they learn the client plans to delay patching for 6 months due to business priorities, despite the significant risk. According to the ISC2 Code of Professional Ethics, what is the BEST action for the consultant to take?
Implement patches without informing the client to safeguard against potential breaches
Inform other security professionals about the vulnerability to determine the appropriate response
Report the vulnerability to relevant regulatory authorities due to the client's decision to delay patching
Document the risk, offer remediation recommendations, and have management acknowledge the risk
The correct answer is to document the risk, offer remediation recommendations, and have management acknowledge the risk. This approach aligns with the ISC2 Code of Professional Ethics, particularly the Canon of protecting society, the common good, and the infrastructure. While the consultant has an ethical obligation to ensure the client understands the risks, the consultant cannot force the client to implement fixes on a specific timeline. The consultant should document the risks and recommendations, obtain acknowledgment from management, and respect the client's business decisions. The other options either breach confidentiality (by disclosing to third parties or regulatory bodies), exceed the consultant's authority (by implementing patches without permission), or fail to fulfill the consultant's duty to properly inform the client of risks.
ISC2 CISSP
Security and Risk Management