A cybersecurity analyst is reviewing the vulnerabilities associated with an older, mission-critical application. The application cannot be updated or patched without significant downtime, which would impact business operations. After evaluating the application's vulnerabilities, it is determined that they are not actively being exploited in the wild and the potential impact is low. The environment is heavily monitored with numerous compensating controls in place to detect any malicious activity. Which course of action is most appropriate for the cybersecurity analyst to recommend in this scenario?
Recommend mitigating the risk immediately by taking the application offline for patching.
Recommend accepting the risk and continue monitoring for any changes in threat exposure.
Recommend avoiding the risk by ceasing the use of the application and seeking an alternative solution.
Recommend transferring the risk to a third-party vendor specializing in legacy application security.
|Incident Response and Management
|Reporting and Communication