Which of the following risk management strategies describes applying a compensating control to a device rather than patching?
Mitigation
In risk management, applying a compensating control involves implementing alternative security measures to address vulnerabilities instead of patching the device directly. This strategy aims to reduce the risk exposure associated with unpatched systems by introducing additional safeguards or countermeasures.
Acceptance in risk management refers to acknowledging the existence of a risk without taking active measures to address or mitigate it. This strategy is suitable when the cost of managing the risk outweighs the potential impact, making it more cost-effective to accept the risk rather than invest in controls.
Correct. Mitigation involves taking actions to lessen the impact or probability of a risk. Applying a compensating control to a device instead of patching it falls under the mitigation strategy. By implementing compensating controls, organizations can reduce the risk posed by unpatched vulnerabilities while maintaining operational functionality.
Risk avoidance entails steering clear of activities or situations that could lead to potential risks. This strategy aims to eliminate the possibility of a risk occurring altogether, often by choosing not to engage in high-risk activities or environments.
Transference involves shifting the risk to another party, typically through insurance or outsourcing arrangements. Organizations opt for risk transference to move the financial consequences of a risk to a third party better equipped to manage or absorb it.
In the context of risk management, applying compensating controls to devices instead of patching aligns with the mitigation strategy. By proactively implementing alternative security measures, organizations can effectively reduce the exposure to vulnerabilities and enhance their overall security posture without immediately addressing the root cause through patching.