Deciding not to apply a software patch to a non-critical system immediately because the patch may disrupt operations can be indicative of an organization's risk tolerance.
This statement is true because it illustrates a scenario where an organization chooses to accept the risk (delaying a patch) due to the potential of disrupting operations. Risk tolerance influences such decisions, where the risk of immediate disruption is seen as more significant than the risk of a potential vulnerability being exploited. This falls under vulnerability response and remediation, as organizations must balance the risks and costs of immediate action against potential security incidents.
Learn More
AI Generated Content may display inaccurate information, always double-check anything important.
What is risk tolerance?
What are software patches and why are they important?
What does vulnerability response and remediation entail?