Certified in Risk and Information Systems Control (CRISC) — Question 417
Which of the following would BEST mitigate the ongoing risk associated with operating system (OS) vulnerabilities?
Answer options
- A. Document and implement a patching process
- B. Identify the vulnerabilities and applicable OS patches
- C. Temporarily mitigate the OS vulnerabilities
- D. Evaluate permanent fixes such as patches and upgrades
Correct answer: A
Explanation
The best way to mitigate the ongoing risk from OS vulnerabilities is to document and implement a patching process, because it ensures that all vulnerabilities are consistently addressed. Identifying vulnerabilities and applicable patches (option B) is important but is not a complete solution unless a patching process is implemented. Temporarily mitigating vulnerabilities (option C) does not resolve the risk in the long term. Evaluating permanent fixes (option D) is a useful step but is less effective without a structured patching process in place.