A cybersecurity analyst at a financial institution has discovered a critical vulnerability in their online banking application that could be exploited to gain unauthorized access to customer accounts. The analyst recommends mitigating the threat by applying a security patch that has been released by the software vendor. However, due to operational constraints, the patch cannot be applied for another two weeks. What should the analyst do in the interim to mitigate the risk?
Implement additional monitoring and apply temporary fixes.
Notify customers and advise them to change their passwords.
Upgrade the operating system of the servers hosting the application.
Terminate the online banking service until the patch can be applied.
Implementing compensating controls is a key strategy when a security patch cannot be immediately applied. Compensating controls can include measures such as additional monitoring, network segmentation, or applying temporary fixes to minimize the risk until the patch can be applied. This mitigates the immediate threat while planning for the permanent solution. Other answers, like upgrading the operating system or terminating the online banking service, are not practical interim steps and do not adequately address mitigation in the context of delayed patching.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are compensating controls in cybersecurity?
Open an interactive chat with Bash
What is network segmentation, and how does it help mitigate security risks?
Open an interactive chat with Bash
Why is additional monitoring important when delaying a security patch?