A regional transportation and logistics company recently hired its first Chief Information Security Officer (CISO). The CISO's first project after onboarding involved performing a vulnerability assessment against the company's public-facing network. The completed scan found a legacy collaboration platform application with a critically rated vulnerability. While discussing this issue with the line of business, the CISO learns the vulnerable application cannot be updated without the company incurring significant losses due to downtime or new software purchases. Which of the following BEST addresses these concerns?
A) The company should plan future maintenance windows so the legacy application can be updated as needed.
B) The CISO must accept the risk of the legacy application, as the cost of replacing the application greatly exceeds the risk to the company.
C) The company should implement a WAF in front of the vulnerable application to filter out any traffic attempting to exploit the vulnerability.
D) The company should build a parallel system and perform a cutover from the old application to the new application, with less downtime than an upgrade.