CISA Certified Information Systems Auditor – Question0444

A core business unit relies on an effective legacy system that does not meet the current security standards and threatens the enterprise network. Which of the following is the BEST course of action to address the situation?

A.
Require that new systems that can meet the standards be implemented.
B. Document the deficiencies in the risk register.
C. Develop processes to compensate for the deficiencies.
D. Disconnect the legacy system from the rest of the network.

Correct Answer: C