A critical system audit shows that the payroll system is not meeting security policy due to missing
OS security patches. Upon further review, it appears that the system is not being patched at all. The vendor states that the system is only supported on the current
OS patch level. Which of the following compensating controls should be used to mitigate the vulnerability of missing OS patches on this system?
A.
Isolate the system on a secure network to limit its contact with other systems
B.
Implement an application layer firewall to protect the payroll system interface
C.
Monitor the system’s security log for unauthorized access to the payroll application
D.
Perform reconciliation of all payroll transactions on a daily basis