Certified Information Systems Security Professional (CISSP) — Question 17
An organization purchased commercial off-the-shelf (COTS) software several years ago. The information technology (IT) Director has decided to migrate the application to the cloud, but is concerned about the application security of the software once it runs in the organization's dedicated environment at a cloud service provider.
What is the BEST way to prevent and correct the software's security weaknesses?
Answer options
- A. Follow the software end-of-life schedule
- B. Implement a dedicated COTS sandbox environment
- C. Transfer the risk to the cloud service provider
- D. Examine the software updating and patching process
Correct answer: D
Explanation
The correct answer is D: examining the software's updating and patching process is the most direct way to identify existing vulnerabilities in the COTS product and to ensure they are corrected as fixes are released. Option A is incorrect because following the end-of-life schedule does not address the security issues present today. Option B, while useful for testing, isolates the software rather than remediating its vulnerabilities. Option C incorrectly assumes that the cloud service provider takes on all security responsibility; under a shared responsibility model, the customer remains accountable for the security of the application it deploys, so the software's inherent weaknesses remain unaddressed.