December 23, 2021 by Admin
An operating system (OS) noncritical patch to enhance system security cannot be applied because a critical application is not compatible with the change. Which of the following is the BEST solution?
- Rewrite the application to conform to the upgraded operating system
- Compensate for not installing the patch with mitigating controls
- Alter the patch to allow the application to run in a privileged state
- Run the application on a test platform; tune production to allow patch and application
Since the operating system (OS) patch will adversely impact a critical application, a mitigating control should be identified that will provide an equivalent level of security. Since the application is critical, the patch should not be applied without regard for the application; business requirements must be considered. Altering the OS patch to allow the application to run in a privileged state may create new security weaknesses. Finally, running a production application on a test platform is not an acceptable alternative since it will mean running a critical production application on a platform not subject to the same level of security controls.