CISA Exam - Question 307


A legacy application is running on an operating system that is no longer supported by the vendor. If the organization continues to use the current application, which of the following should be the IS auditor's GREATEST concern?

Correct Answer: AC

When an application runs on an operating system that is no longer supported by the vendor, the greatest concern for an IS auditor should be the potential exploitation of zero-day vulnerabilities. Unsupported systems do not receive security updates or patches, making them more susceptible to exploitation by attackers who discover new vulnerabilities. This poses a significant risk to the organization's security. While issues like increased maintenance costs, database update challenges, and potential license issues are valid concerns, they do not present an immediate and critical threat similar to security vulnerabilities.

Discussion

8 comments
SaBo Option: B
Dec 10, 2021

Zero-day vulnerabilities have the same impact in an updated or out-of-support system, because they are already unknown to the community. An out-of-support system does not resolve known vulnerabilities. The correct answer is B.

SuperiorMatt
Apr 14, 2022

No, zero-day vulnerability is something unknown to the community. A supported system will receive updated protection against that.

Deeplaxmi Option: A
Oct 1, 2022

A can be the correct answer, as an unsupported OS will increase the chances of 0-day vulnerabilities. Increased cost of maintenance should not be a problem for the IS auditor. It can be the organisation's concern.

007Georgeo Option: A
May 6, 2023

Should be A

KAP2HURUF Option: A
Mar 3, 2024

Increased cost of maintenance (Option C): While a valid concern, it's often a secondary consequence compared to the immediate security risk posed by zero-day vulnerabilities. Database updates (Option B): Depending on the specific architecture, database updates might still be possible even on an unsupported OS. However, it doesn't mitigate the security risks associated with the underlying operating system itself. License issues (Option D): While using unsupported software might violate license agreements, the immediate security risk posed by zero-day vulnerabilities is a more critical concern for an IS auditor.

Julianleehk Option: A
Nov 26, 2022

should be A

Aqua_Jk09 Option: A
Jan 15, 2023

should be A

BA27 Option: A
Aug 25, 2023

A. Potential exploitation of zero-day vulnerabilities in the system

analuisamoreira Option: A
Jun 27, 2024

I think A is correct