Vendors have released patches fixing security flaws in their software. Which of the following should an IS
auditor recommend in this situation?

A.
Assess the impact of patches prior to installation.

B.
Ask the vendors for a new software version with all fixes included.

C.
install the security patch immediately.

D.
Decline to deal with these vendors in the future.

Explanation:
The effect of installing the patch should be immediately evaluated and installation should occur based on the
results of the evaluation. To install the patch without knowing what it might affect could easily cause problems.New software versions withall fixes included are not always available and a full installation could be time
consuming. Declining to deal with vendors does not take care of the flaw.