Certified in Risk and Information Systems Control (CRISC) — Question 779
A vulnerability assessment of a vendor-supplied solution has revealed that the software is susceptible to cross-site scripting and SQL injection attacks. Which of the following will BEST mitigate this issue?
Answer options
- A. Require the software vendor to remediate the vulnerabilities.
- B. Approve an exception to allow the software to continue operating.
- C. Monitor the databases for abnormal activity.
- D. Accept the risk and let the vendor run the software as is.
Correct answer: A
Explanation
The correct choice is A because requiring the software vendor to fix the vulnerabilities directly addresses the root cause: cross-site scripting and SQL injection are defects in the vendor's code, and only the vendor can correct them. Options B and D both allow the software to keep operating without remediation, which accepts the risk rather than mitigating it. Option C is a useful detective control, but monitoring the databases does not resolve the underlying vulnerabilities.