During an incident response, a cybersecurity analyst finds that an important security control is not functioning correctly. Which of the following measures should the analyst implement to maintain security and mitigate risks?
Implementing additional network monitoring and intrusion detection systems
Updating antivirus software on all connected devices
Isolating the compromised node from the network
Scheduling an emergency update of all software systems
Compensating controls are alternative measures implemented when primary security controls are inadequate or non-functional. They provide a stopgap solution to mitigate risk until the primary control can be restored. For example, if a firewall is malfunctioning, setting up additional network monitoring and intrusion detection systems could serve as temporary compensating controls. Using antivirus wouldn't address network control issues, and isolating the compromised node is more suitable for containment rather than compensating for failed controls.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are compensating controls in cybersecurity?
Open an interactive chat with Bash
How do intrusion detection systems (IDS) help in maintaining security?
Open an interactive chat with Bash
Why is isolating the compromised node not the best solution in this scenario?