A recent audit uncovered a key finding regarding the use of a specific encryption standard in a web application that is used to communicate with business customers. Due to the technical limitations of its customers, the company is unable to upgrade the encryption standard.
Which of the following types of controls should be used to reduce the risk created by this scenario?
A . Physical
B . Detective
C . Preventive
D . Compensating
Answer: D