Compensating controls are alternative security measures that are implemented when the primary controls are not feasible, cost-effective, or sufficient to mitigate the risk. In this case, the organization used compensating controls to protect the legacy system from potential attacks by disabling unneeded services and placing a firewall in front of it. This reduced the attack surface and the likelihood of exploitation.
[References:, Official CompTIA Security+ Study Guide (SY0-701), page 29, Security Controls - CompTIA Security+ SY0-701 - 1.1 1, , , , , ]
Submit