A security analyst has identified a critical vulnerability in a public-facing web server that requires an emergency patch. However, the company's policy mandates that all changes to production systems must be reviewed and approved by the Change Advisory Board (CAB) to prevent business process interruptions. This requirement is delaying the remediation.
Which of the following inhibitors to remediation does this scenario BEST describe?
This scenario is a classic example of organizational governance acting as an inhibitor to remediation. While Change Advisory Boards (CABs) and their associated change management processes are crucial for maintaining stability and preventing unauthorized changes, they can also slow down urgent security responses. The requirement for CAB approval, even for emergencies, is a governance control that prioritizes operational stability, sometimes at the expense of rapid remediation.
Degrading functionality: This is a potential risk of applying a patch, which the CAB process aims to prevent, but the governance process itself is the direct inhibitor in the scenario.
Legacy systems: The scenario does not provide any information to suggest the web server is a legacy system.
Service-level agreement (SLA): While an SLA might define uptime requirements that influence change windows, the direct cause of the delay described is the mandatory CAB approval process, a function of organizational governance.