A critical system audit shows that the payroll system is not meeting security policy due to missing OS security
patches. Upon further review, it appears that the system is not being patched at all. The vendor states that the
system is only supported on the current OS patch level. Which of the following compensating controls should
be used to mitigate the vulnerability of missing OS patches on this system?
A.
Isolate the system on a secure network to limit its contact with other systems
B.
Implement an application layer firewall to protect the payroll system interface
C.
Monitor the system’s security log for unauthorized access to the payroll application
D.
Perform reconciliation of all payroll transactions on a daily basis