Certified in Risk and Information Systems Control (CRISC) — Question 1135

Which of the following would BEST prevent an unscheduled application of a patch?

Answer options

• A. Segregation of duties
• B. Compensating controls
• C. Change management
• D. Network-based access controls

Correct answer: C

Explanation

Change management is the correct answer as it establishes a formal process for applying patches, ensuring they are reviewed and approved before implementation. Segregation of duties, compensating controls, and network-based access controls do not specifically address the patch application process and may not prevent unscheduled changes effectively.