An organization relies heavily on an application that has a high frequency of security updates.
At present, the security team only updates the application on the first Monday of each month, even though the security updates are released as often as twice a week.
Which of the following would be the BEST method of updating this application?
Correct answer: A
The BEST method of updating this application depends on balancing the risks of applying updates too frequently against the risks of not applying them frequently enough.
Answer A, which suggests configuring testing and automating patch management for the application, is the BEST method of updating this application. By doing so, the security team can continuously monitor for new updates and apply them as soon as possible after they are released. This will ensure that the application is kept up to date with the latest security patches, reducing the risk of a security incident occurring. The testing component of this approach will help mitigate the risks associated with applying updates that may cause unintended consequences, such as system instability or compatibility issues with other applications.
Answer B, which suggests configuring security control testing for the application, is not the best method of updating the application because it does not address the underlying issue of infrequent updates. Security control testing is an important part of an overall security strategy, but it should not be the only method of updating the application.
Answer C, which suggests manually applying updates for the application when they are released, is not the best method of updating the application because it requires a high level of diligence and consistency from the security team. It is also time-consuming and prone to errors, which can increase the risk of a security incident occurring.
Answer D, which suggests configuring a sandbox for testing patches before the scheduled monthly update, is a good approach for testing updates before deploying them to production systems. However, it does not address the underlying issue of infrequent updates and may delay the deployment of critical security patches.
In summary, the BEST method of updating this application would be to configure testing and automate patch management for the application.