Question

The IT department of a company has identified significant risks to a critical piece of business software. There are no available controls to alleviate the software's vulnerability, but the business will lose all revenue sources without this software.

What is the best course of action?

answer

Uninstall the vulnerable software to prevent exploitation.

Submit a formal request for a risk management exception.

Mitigate the vulnerability.

Take no further action as the software is critical to operations.

Answers

GPT-4o mini
In this scenario, the best course of action is to **Submit a formal request for a risk management exception**.

Since the software is critical to operations and there are no controls available to alleviate the vulnerability, simply uninstalling or ignoring the issue is not viable. Mitigating the vulnerability may not be possible given the context. By submitting a formal request for a risk management exception, the IT department can formally acknowledge the risk, document it, and seek approval from management to continue using the software with an understanding of the associated risks. This approach allows for transparency and informed decision-making in the organization.