The organization does not have time to remediate the vulnerability; however, it is critical to release the application. Which of the following needs to be further evaluated to help mitigate the risks?
Compensating controls are the correct answer. They are alternative measures put in place to reduce risk when a vulnerability cannot be remediated directly, or cannot be remediated in time for the release.
Key Actions:
Examples include placing a Web Application Firewall (WAF) in front of the vulnerable application to block requests that would reach the flaw, adding monitoring and alerting on the affected component, or reducing user privileges so that successful exploitation has less impact.
These controls buy time while a permanent fix is developed. They should be documented together with the residual risk that remains and the date by which the vulnerability itself will be fixed and the compensating control reviewed or removed.
Why Not Other Options:
Developer security training (A): A long-term preventive measure; it does nothing to reduce the risk of the vulnerability that is about to ship.
Intrusion Detection Systems (B): Useful for detecting attacks, but an IDS only alerts; it does not block exploitation of a specific application vulnerability.
Security testing tools (C): Help find vulnerabilities, but the vulnerability here is already known; testing does not reduce the risk of releasing it.
EC-Council Alignment:
The use of compensating controls aligns with the CISO's responsibility to maintain an acceptable level of security while balancing business and operational constraints such as release deadlines.