25. Exercise: Developing a Mitigation Plan

In this exercise you will consider a risk scenario and create a remediation plan.

Respond to the following scenario:

QUESTION:

Consider the following risk scenario and develop a mitigation plan for dealing with the risk.

Through an assessment, you recently discovered that critical vulnerabilities have not been patched on a number of corporate server resources. You have a patch management policy in place, but these servers didn't get patched according to the service level agreements (SLAs) in the policy. Your team doesn't handle server patching, but you are responsible for ensuring that patches get applied in a timely manner by working with the system administrators. You want to make sure that the systems get patched now, and you want to ensure that this issue doesn't happen again. How would you design a mitigation plan to address the risk?

The risk statement that you assessed was: Patches are not up to date, which may lead to data loss. You assessed the likelihood as medium and the impact as high.

ANSWER:

Please review the video explanation for a walkthrough of a mitigation plan for this scenario.