A security team identifies a critical vulnerability on a server supporting a mission-critical business process. Remediation requires taking the server offline, which will cause an unacceptable business interruption. What is the most appropriate initial strategy to address this risk?
Immediately apply the patch to eliminate the vulnerability.
Postpone the remediation until the next scheduled maintenance window.
Accept the risk until a less disruptive remediation is possible.
Implement compensating controls to reduce the immediate risk.
The most appropriate initial strategy is to implement compensating controls. This allows the organization to reduce the immediate risk of the critical vulnerability while a plan is made to apply the permanent fix (the patch) in a way that minimizes business disruption, such as during a scheduled maintenance window. Immediately applying the patch ignores the stated business constraint that the interruption would be unacceptable. Postponing remediation or simply accepting the risk without any mitigation leaves the organization unacceptably exposed to a critical threat.