A cybersecurity analyst is tasked with managing vulnerabilities on the network. Among the assets are legacy systems that cannot be updated or patched due to vendor support limitations. Given this constraint, what is the BEST approach to mitigate the risks associated with these systems?
The correct answer is 'Implementing compensating controls'. Compensating controls are alternative measures that are put in place when standard security practices cannot be applied. In the case of legacy systems, where patching may not be feasible due to the lack of vendor support, compensating controls can help in mitigating risk by providing additional layers of security without altering the legacy systems themselves. This may include network segmentation to limit exposure, or more stringent monitoring to detect any malicious activity. 'Accepting the risk' is generally not advised unless the risk is very low or no other options are viable. 'Decommissioning the systems' might be a potential solution but it's not always the best if the system is still required for business operations. 'Applying unsupported patches' is incorrect because it poses a high risk of incompatibility, instability, or further security vulnerabilities.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are compensating controls, and can you give examples?
Open an interactive chat with Bash
Why is it not advisable to accept risks associated with legacy systems?
Open an interactive chat with Bash
What are the potential consequences of applying patches without vendor support?