After an investigation confirms that attackers exfiltrated confidential customer records by exploiting a known vulnerability in an unpatched application server, which recommendation should be prioritized in the incident-response report to prevent a similar breach?
Deploy data loss prevention controls to block unauthorized transfers of sensitive data
Enforce full-disk encryption and require strong encryption for all data in transit
Implement a rigorous patch-management policy that ensures timely installation of vendor security updates
Reconfigure firewall egress rules to block outbound traffic to unapproved destinations
Implementing a rigorous, organization-wide patch-management policy directly remediates the root cause-outdated, vulnerable software-identified during the investigation. NIST SP 800-40r4 notes that effective enterprise patch management "helps prevent compromises, data breaches, operational disruptions, and other adverse events." Deploying DLP tools, enforcing stronger encryption, or tightening outbound firewall rules can lessen impact or improve detection, but none closes the exploit path that enabled the breach.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is patch management critical in preventing security incidents?
Open an interactive chat with Bash
What are the challenges of implementing a patch management policy?
Open an interactive chat with Bash
How does patch management differ from other security measures like encryption?