A security consultant discovers a critical vulnerability in a client's system during an assessment. After notifying the client, they learn the client plans to delay patching for 6 months due to business priorities, despite the significant risk. According to the ISC2 Code of Professional Ethics, what is the BEST action for the consultant to take?
Implement patches without informing the client to safeguard against potential breaches
Inform other security professionals about the vulnerability to determine the appropriate response
Report the vulnerability to relevant regulatory authorities due to the client's decision to delay patching
Document the risk, offer remediation recommendations, and have management acknowledge the risk
The correct answer is to document the risk, offer remediation recommendations, and have management acknowledge the risk. This approach aligns with the ISC2 Code of Professional Ethics, particularly the Canon of protecting society, the common good, and the infrastructure. While the consultant has an ethical obligation to ensure the client understands the risks, the consultant cannot force the client to implement fixes on a specific timeline. The consultant should document the risks and recommendations, obtain acknowledgment from management, and respect the client's business decisions. The other options either breach confidentiality (by disclosing to third parties or regulatory bodies), exceed the consultant's authority (by implementing patches without permission), or fail to fulfill the consultant's duty to properly inform the client of risks.
ISC2 CISSP
Security and Risk Management