You are a cybersecurity analyst working for a healthcare organization. During a vulnerability assessment, your team identifies a critical vulnerability in an essential software system that cannot be patched in the next 30 days due to operational constraints. What is the best immediate course of action to ensure the system remains secure?
Implement compensating controls to mitigate the risk posed by the vulnerability.
Accept the risk and wait until the patch can be applied in 30 days.
Postpone the operational constraints to apply the patch when feasible.
Replace the software system to address the vulnerability.
Implementing a compensating control is the best immediate course of action. Compensating controls are alternate security measures put in place to mitigate vulnerabilities when the primary solution (e.g., patching) is not feasible. In this scenario, temporary measures such as enhanced monitoring, access restrictions, or additional firewall rules can achieve similar protection while the patch is pending. Other options either do not address the urgent necessity of securing the system or involve unrealistic or unnecessary measures given the situation.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are compensating controls?
Open an interactive chat with Bash
Can you give examples of compensating controls?
Open an interactive chat with Bash
Why is replacing the software system usually not a feasible option?