As a Security Analyst for a large organization, you have identified a low severity vulnerability on a server hosting a non-essential marketing website. The server is isolated from the internal network and contains no sensitive data. The vulnerability does not have a known exploit and fixing it would require taking the server offline during a major marketing campaign. What is the MOST appropriate risk management action to take in this scenario?
Ignore the vulnerability since it has no known exploit and is not critical.
Document the vulnerability and accept the risk until the campaign is over.
Immediately patch the vulnerability causing downtime during the marketing campaign.
Decommission the server as no vulnerability should be left unaddressed.
|Incident Response and Management
|Reporting and Communication