Your organization has just experienced a security breach where an attacker exploited a known vulnerability in a third-party application that was pending a security patch. Given the incident, which type of control should be implemented immediately to reduce the likelihood of a similar vulnerability being exploited again before the patch can be applied?
A compensating control is used to mitigate risk when an existing control is deemed insufficient or when a required control cannot be implemented at the time. In this scenario, applying a compensating control while the security patch is pending provides an immediate mitigation that reduces the risk of similar exploits. Specific compensating controls could include firewall rules, access control lists, or additional monitoring, but the broader immediate action is best described by the term "compensating control."