Which term describes the approach to mitigating risks for vulnerabilities in systems that cannot be directly patched?

The term that describes the approach to mitigating risks for vulnerabilities in systems that cannot be directly patched is compensating control. This concept is significant in risk management and cybersecurity because it provides alternative measures to reduce risk when a direct fix is not feasible.

When a vulnerability exists that cannot be patched—either due to technical limitations, cost implications, or operational constraints—compensating controls are implemented to minimize potential harm or exploitability. These controls can include additional security measures, such as increased monitoring, data encryption, access restrictions, or enhanced physical security, effectively decreasing the risk of exploitation until a proper solution can be applied.

Understanding compensating controls is crucial for security professionals as they need to assess risks continuously and operate within practical constraints. This approach allows organizations to maintain security and manage risk without relying solely on traditional patching methods.