
CISSP Exam - Question 270


A scan report returned multiple vulnerabilities affecting several production servers that are mission critical. Attempts to apply the patches in the development environment have caused the servers to crash. What is the BEST course of action?

Correct Answer: A

When patches for mission-critical production servers crash those servers in the development environment, the best course of action is to mitigate the risks with compensating controls. Compensating controls (also called alternative controls) are measures put in place when the originally required control, here the vendor patch, cannot be applied directly or practically. They reduce the likelihood or impact of exploitation of the reported vulnerabilities, for example by restricting network access to the affected services, tightening access controls, adding monitoring, or virtual patching at an IPS or WAF, until a stable patch is available. They are interim by nature: each should be documented against the specific finding and hosts it covers, validated as actually functioning, and given a review date, and the residual risk should be reported to management through the normal change and risk management process rather than left unrecorded. Removing the affected software or upgrading it without proper testing could cause the same instability seen in development, while simply informing management without taking action does not reduce the immediate exposure.
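The bookkeeping that makes option A defensible (which findings a control covers, whether it was validated, when it expires, and what still needs a management decision) is easy to get wrong in a spreadsheet. The script below is an added example, not part of the original page or of any exam material; the scan rows, host names, finding IDs (SCAN-1001 and so on) and the control register are all constructed sample data, and the CSV layout is an assumption rather than any particular scanner's export format.

```python
"""Added example: track compensating controls for findings that cannot be patched.

All hosts, finding IDs and control entries are constructed sample data,
not output from any real scanner or ticketing system.
"""
from dataclasses import dataclass
from datetime import date

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}


@dataclass(frozen=True)
class Finding:
    host: str
    finding_id: str
    severity: str
    port: int


@dataclass(frozen=True)
class CompensatingControl:
    finding_id: str
    hosts: frozenset          # hosts this control actually protects
    description: str
    validated: bool           # has someone tested that the control works?
    expires: date             # compensating controls are interim: force a review date


# Constructed scan export (assumed CSV layout), one row per host/finding pair.
SCAN_CSV = """host,finding,severity,port
app-prod-01,SCAN-1001,critical,8443
app-prod-01,SCAN-1002,high,22
app-prod-02,SCAN-1001,critical,8443
db-prod-01,SCAN-1003,medium,5432
"""

# Constructed control register.
CONTROLS = [
    CompensatingControl("SCAN-1001", frozenset({"app-prod-01", "app-prod-02"}),
                        "ACL: 8443 reachable only from reverse proxy; IPS signature enabled",
                        validated=True, expires=date(2024, 6, 30)),
    CompensatingControl("SCAN-1002", frozenset({"app-prod-01"}),
                        "SSH restricted to bastion subnet",
                        validated=False, expires=date(2024, 6, 30)),
    CompensatingControl("SCAN-1003", frozenset({"db-prod-01"}),
                        "DB port firewalled to app tier only",
                        validated=True, expires=date(2024, 1, 31)),
]


def parse_scan(csv_text):
    """Parse the constructed CSV into Finding records."""
    lines = csv_text.strip().splitlines()
    header = lines[0].split(",")
    out = []
    for line in lines[1:]:
        row = dict(zip(header, line.split(",")))
        out.append(Finding(row["host"], row["finding"], row["severity"], int(row["port"])))
    return out


def status_of(finding, controls, today):
    """One of: 'mitigated', 'unvalidated', 'expired', 'uncovered'.

    A finding counts as mitigated only if some control covers this exact
    host, has been validated, and has not passed its review date.
    """
    matching = [c for c in controls
                if c.finding_id == finding.finding_id and finding.host in c.hosts]
    if not matching:
        return "uncovered"
    if any(c.validated and c.expires >= today for c in matching):
        return "mitigated"
    if any(not c.validated for c in matching):
        return "unvalidated"
    return "expired"


def classify(findings, controls, today):
    return {(f.host, f.finding_id): status_of(f, controls, today) for f in findings}


def escalation_list(findings, controls, today):
    """Findings management must still decide on, worst severity first."""
    pending = [f for f in findings if status_of(f, controls, today) != "mitigated"]
    return sorted(pending, key=lambda f: (-SEVERITY_RANK[f.severity], f.host, f.finding_id))


def run(today_iso="2024-03-01"):
    """Return (status map, escalation list) for the constructed data on a given date."""
    today = date.fromisoformat(today_iso)
    findings = parse_scan(SCAN_CSV)
    statuses = classify(findings, CONTROLS, today)
    escalate = [(f.host, f.finding_id) for f in escalation_list(findings, CONTROLS, today)]
    return statuses, escalate


if __name__ == "__main__":
    statuses, escalate = run()
    for (host, fid), st in sorted(statuses.items()):
        print(f"{host:12} {fid:10} {st}")
    print("escalate to management:", escalate)
```

Two design choices carry the point of the question. A control that was never validated, or whose review date has passed, does not count as mitigating, so the finding goes straight onto the escalation list; this is the "A includes D" reading of the question, where compensating controls are applied and management is informed of whatever they do not cover. Re-running with a later date shows the other failure mode: an interim control that nobody revisits quietly becomes a permanent exception.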

Discussion

17 comments
juniorhs86 (Option: D)
Nov 11, 2022

"Development environment have caused the servers to crash" meaning that we need to inform MT first, because this is a critical item, and plan what to do next. So, D then A.

jackdryan
May 13, 2023

A is correct

HughJassole (Option: D)
Jun 4, 2023

D; notify management. A "compensating control" isn't going to help with multiple vulnerabilities, you can't compensate for that. "A compensating control, also called an alternative control, is a mechanism that is put in place to satisfy the requirement for a security measure that is deemed too difficult or impractical to implement at the present time." https://www.techtarget.com/whatis/definition/compensating-control#:~:text=A%20compensating%20control%2C%20also%20called,implement%20at%20the%20present%20time. What kept being stressed in my CISSP class is that you are not fixing anything, you are advising and working closely with management. So we have a real problem here, management needs to decide what to do.

Jamati (Option: A)
Nov 10, 2022

A compensating control, also called an alternative control, is a mechanism that is put in place to satisfy the requirement for a security measure that is deemed too difficult or impractical to implement at the present time.

JohnyDal (Option: A)
Feb 11, 2023

A includes D. As we will be implementing compensating controls through a proper change management process which gives management info/awareness/chance to review.

Staanlee (Option: A)
Dec 30, 2022

The best course of action in this situation would be to mitigate the risks with compensating controls (option A). Compensating controls are alternative measures that can be implemented to mitigate risks when it is not possible or practical to address the underlying vulnerabilities directly. If applying patches to the affected servers has caused them to crash in the development environment, it is likely that applying the patches in the production environment would have the same result, which could have serious consequences for the organization's mission-critical operations. In this case, implementing compensating controls such as network segmentation, access controls, and monitoring could help to reduce the risk of attacks exploiting the vulnerabilities until a more permanent solution can be found.

InclusiveSTEAM (Option: A)
Oct 16, 2023

The answer is A. The best course of action when critical production servers are affected by vulnerabilities but patching crashes them is to mitigate the risks with compensating controls, option A. Since patches are not currently feasible without causing outages, alternative controls should be implemented to reduce the risks until either the vendors resolve the issues or the software can be upgraded/removed. Compensating controls provide protection for known vulnerabilities by layering additional safeguards like enhanced monitoring, restricted access, virtual patching, etc. This balances security and availability. Simply informing management does not directly address the technical risks. Upgrading or removing software needs more planning when stability is impacted. Therefore, mitigating the vulnerabilities through tactical compensating controls is the most prudent short-term approach until long-term systematic fixes can be implemented safely.

murphseal (Option: A)
Apr 28, 2024

While informing management is crucial, it should be accompanied by immediate action to mitigate the risks. Simply informing them without taking any steps leaves the production servers vulnerable.

Nickolos
Oct 12, 2022

Sometimes these questions and answers baffle me. When a question is about "protecting data from disclosure" the answer is "collection limitation", but when the question is about outdated software, the answer is not "Remove the affected software from the servers." Ech ..

BP_lobster (Option: A)
Nov 22, 2022

If we 'think like a manager' we are doing A because we ARE the management. Otherwise we should do D (application of mitigating controls should be done to bring risk within risk appetite; management sets risk appetite).

BP_lobster
Nov 22, 2022

Update: Changing to D/Juniorhs86 is right. Even if we are a manager, the mission critical nature of the servers requires a larger planning phase before applying controls. Change Management must be followed.

BP_lobster
Nov 23, 2022

Update 2: Admin PLEASE DELETE MY TWO UPDATE comments. Reached out to change management specialists and the answer is A. We cannot satisfy the existing security requirement so must apply compensating controls in line with the relevant standards. This may involve doing B or C but WILL involve doing D if the standards are properly operating and regularly audited (audit demands that compensating controls are validated as functioning/that they won't take down the system). The process for applying compensating controls should include controls validation.

oudmaster (Option: A)
Dec 29, 2022

Management in this case will be either CIO or CSO. What if they don't accept the approach of compensating control?

DJOEK (Option: A)
Jan 11, 2023

In situations where attempts to patch critical production servers have caused crashes or other issues, it is important to find alternative methods for mitigating the risks associated with the vulnerabilities. The best course of action would be to implement compensating controls to reduce the likelihood or impact of a successful exploit. Compensating controls are additional security measures that can be implemented to help reduce the risk to the organization. These can include network segmentation, access controls, network firewalls, intrusion detection systems and end-point protection, depending on the specific vulnerabilities and risks.

YesPlease (Option: A)
Dec 16, 2023

Answer A) Compensating controls do not mean that they are not as good as the original intention, and they should have been already approved in change management, so the manager ought to already know what is at stake if you do not apply the compensating control. https://sprinto.com/blog/pci-dss-compensating-controls/

gjimenezf (Option: A)
Jan 23, 2024

If the patch cannot be used, then workarounds are the next option.

dm808 (Option: A)
Mar 28, 2024

The answer is A... not D. The servers crashing can be considered an incident. While reporting to management is important, in the incident response phases, mitigation happens before reporting.

LVQ (Option: D)
Apr 3, 2024

D. Informing the manager about the risks, then having the system owner and information owner decide on the next steps. It could be mitigating risks using compensating controls (e.g. isolating vulnerable servers, removing sensitive data) or it could be removing the affected software.

TheManiac (Option: D)
May 19, 2024

Think like a manager, not a technical guy. So it is D.

CCNPWILL (Option: A)
Jun 1, 2024

Correct answer is A. Taking multiple practice tests, this type of question in particular favors taking action versus just communicating to upper management. Immediate action is to be taken in this case. So A to mitigate risk FIRST to protect the business FIRST, THEN tell MGMT.