An analyst discovers that a critical legacy server cannot be patched according to the corporate security baseline because the required updates would break its primary application. To mitigate the associated risks, the analyst isolates the server in its own network segment, enhances its monitoring, and applies stricter firewall rules for all traffic to and from the server. What type of security measure do these combined actions represent?
These actions represent a compensating control. A compensating control is an alternative measure put in place when a standard security requirement cannot be met due to legitimate technical or business constraints. In this scenario, since the primary control (patching) is not feasible, the analyst implements other controls (network isolation, enhanced monitoring, stricter firewall rules) to provide a similar level of defense and reduce the risk to an acceptable level. Preventive controls aim to stop an incident from occurring, detective controls identify that an incident has occurred, and corrective controls are used to fix an issue after an incident. While the individual actions have preventive and detective elements, their collective purpose in this context is to compensate for the inability to patch.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a compensating control in cybersecurity?
Open an interactive chat with Bash
Why can't legacy systems usually be patched, and what challenges do they pose?
Open an interactive chat with Bash
How does monitoring enhance security for an unpatchable system?