During an incident response, a cybersecurity analyst finds that an important security control is not functioning correctly. Which of the following measures should the analyst implement to maintain security and mitigate risks?
Scheduling an emergency update of all software systems
Implementing additional network monitoring and intrusion detection systems
Isolating the compromised node from the network
Updating antivirus software on all connected devices
Compensating controls are alternative measures implemented when primary security controls are inadequate or non-functional. They provide a stopgap solution to mitigate risk until the primary control can be restored. For example, if a firewall is malfunctioning, setting up additional network monitoring and intrusion detection systems could serve as temporary compensating controls. Using antivirus wouldn't address network control issues, and isolating the compromised node is more suitable for containment rather than compensating for failed controls.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are compensating controls?
Open an interactive chat with Bash
How do network monitoring and intrusion detection systems work?
Open an interactive chat with Bash
Why wouldn't updating antivirus software be effective in this scenario?