Which of the following should be utilized to reduce the risk associated with these applications and their current architecture?

Due to a recent acquisition, the security team must find a way to secure several legacy applications.

During a review of the applications, the following issues are documented:

– The applications are considered mission-critical.

– The applications are written in code languages not currently supported by the development staff.

– Security updates and patches will not be made available for the applications.

– Username and passwords do not meet corporate standards.

– The data contained within the applications includes both PII and PHI.

– The applications communicate using TLS 1.0.

– Only internal users access the applications.

Which of the following should be utilized to reduce the risk associated with these applications and their current architecture?
A . Update the company policies to reflect the current state of the applications so they are not out of compliance.
B . Create a group policy to enforce password complexity and username requirements.
C . Use network segmentation to isolate the applications and control access.
D . Move the applications to virtual servers that meet the password and account standards.

View Answer

Answer: D