Due to a recent acquisition, the security team must find a way to secure several legacy applications.
During a review of the applications the following issues were documented.
· The applications are considered mission Critical
· The application are written in code languages not currently supported by the development staff.
· Security updates and patches will not be made available for the applications
· Usernames and passwords do not meet corporate standards
· The data contained within the applications includes both PII and PHI
· The applications communicate using TLS 1.0
· Only internal users access the application
Which of the following should be utilized to reduce the risk associated with these applications and their current architecture?
A. Update the company policies to reflect the current state of the application so they are not out of compliance
B. create a group policy to enforce password complexity and username requirements
C. Use Network segmentation to Isolate the application and control access.
D. Move the applications to virtual servers that meet the password and account standard.