Certified in Risk and Information Systems Control (CRISC) — Question 847
A company has recently acquired a customer relationship management (CRM) application from a certified software vendor. Which of the following will BEST help to prevent technical vulnerabilities from being exploited?
Answer options
- A. Verify the software agreement indemnifies the company from losses.
- B. Update the software with the latest patches and updates.
- C. Review the source code and error reporting of the application.
- D. Implement code reviews and quality assurance on a regular basis.
Correct answer: B
Explanation
Updating the software with the latest patches and updates is crucial because it addresses known vulnerabilities, making it harder for attackers to exploit them. While reviewing source code and implementing code reviews are important for long-term security, they do not provide the immediate protection against existing vulnerabilities that timely updates do. Verifying the software agreement and maintaining quality assurance practices are also important, but they do not directly prevent exploitation of technical flaws.