A financial services company has recently suffered from a ransomware attack that has impacted a critical server which is not upgradable to the latest security patches due to legacy software dependencies. The incident response team is considering various options for mitigating the risk of this server being compromised again. Which of the following would be the BEST form of a compensating control given the inability to patch the server?
Schedule regular patching for the critical server.
Enforce frequent password rotation for all users with access to the critical server.
Produce and store encrypted backups of the server on a bi-weekly basis.
Implement network segmentation to isolate the critical server from the broader network.
Network segmentation is a compensating control that can limit the ransomware spread by isolating the critical server from the broader network, thus reducing the risk of cross-contamination from other network segments. Regular patching is the primary control but is not feasible in this scenario due to legacy software constraints, making it an incorrect answer. Encrypted backups are essential, but they don't address the direct risk of the server being compromised; instead, they are more about ensuring data recovery post-incident. Similarly, frequent password rotation is a security best practice but does not effectively mitigate the specific risk of unpatched systems being exploited.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is network segmentation and how does it work?
Open an interactive chat with Bash
Why can't we just apply regular patching to the critical server?
Open an interactive chat with Bash
What are the advantages of producing and storing encrypted backups?