A regional transportation and logistics company recently hired its first Chief Information Security Officer (CISO). The CISO’s first project after onboarding involved performing a vulnerability assessment against the company’s public facing network. The completed scan found a legacy collaboration platform application with a critically rated vulnerability. While discussing this issue with the line of business, the CISO learns the vulnerable application cannot be updated without the company incurring significant losses due to downtime or new software purchases.
Which of the following BEST addresses these concerns?
A . The company should plan future maintenance windows such legacy application can be updated as needed.
B . The CISO must accept the risk of the legacy application, as the cost of replacing the application greatly exceeds the risk to the company.
C . The company should implement a WAF in front of the vulnerable application to filter out any traffic attempting to exploit the vulnerability.
D . The company should build a parallel system and perform a cutover from the old application to the new application, with less downtime than an upgrade.
Answer: C
Leave a Reply