How should unpatched IT systems that violate the patching policy be treated: as a vulnerability management failure or as something else? A CISM exam practice question with answer and explanation.
Question
A situation where an organization has unpatched IT systems in violation of the patching policy should be treated as:
A. an increased threat profile.
B. a vulnerability management failure.
C. an increased risk profile.
D. a security control failure.
Answer
B. a vulnerability management failure.
Explanation
Unpatched systems violate the organization’s patching policy, and patching is a core part of vulnerability management. Failing to apply security patches promptly leaves systems exposed to known vulnerabilities that threat actors can exploit, which can lead to breaches and compromises. Proper vulnerability management means identifying, prioritizing, and mitigating vulnerabilities in a timely manner through patching and other remediation measures. Because the policy exists precisely to close known vulnerabilities, systems that remain unpatched in violation of it are a clear case of a vulnerability management failure within the organization.