Certified in Risk and Information Systems Control (CRISC) — Question 988
What is the BEST recommendation to reduce the risk associated with potential system compromise when a vendor stops releasing security patches and updates for a business-critical legacy system?
Answer options
- A. Ensure regular backups take place.
- B. Install antivirus software on the system.
- C. Virtualize the system in the cloud.
- D. Segment the system on its own network.
Correct answer: D
Explanation
The best option is to segment the system on its own network, as this limits exposure and potential spread of threats. Regular backups and antivirus software are important but do not directly address the risk of compromise from an unsupported system. Virtualization in the cloud may provide some benefits, but it does not inherently reduce the risk of the legacy system being compromised.