A global financial institution has several critical application servers running on an operating system that the vendor has announced will reach End of Support (EOS) in six months. The application is mission-critical and cannot be migrated to a newer platform for at least 18 months due to compatibility issues with other systems. What is the most appropriate approach for the organization to maintain security during this period?
Air-gap the servers from external networks
Negotiate an Extended Support Agreement with the vendor
Accept the risk since migration is planned
Add additional security controls and continue operations
Extended Support Agreements (ESAs) provide the organization with continued security updates and patches from the vendor after the standard support period ends. This is particularly important for mission-critical systems that cannot be immediately migrated or replaced. While air-gapping systems or implementing additional security controls may help reduce risk, they don't address the fundamental issue of missing security patches for newly discovered vulnerabilities. Accepting the risk without mitigation would be inappropriate for a financial institution dealing with critical systems. ESAs represent a formal risk management approach that allows organizations to maintain vendor support during transition periods beyond the standard End of Support date.
ISC2 CISSP
Asset Security