Remediation Issues

  • Legacy systems

    • Compensating controls: filtering devices installed in front of the legacy system.

    • Air-gap

    • Just take it out and replace it

  • Proprietary Systems

    • Custom software (developed in house or purchased)

    • Developer out of business

    • Product no longer supported (abandonware)

  • Degrading functionality. We secured it, but does it still work?

    • Business process interruption. Reboots. Badly implemented high availability/fault tolerance. Plan your maintenance window.

    • Slow hardware.

    • Library version conflicts.

    • New patches, new bugs and crashes. Test your patches in a test environment.

  • Organizational Governance

    • The bureaucracy of making things happen

    • Always have approval

    • Who to thank, who to blame.

    • Change management

  • MOUs and SLAs – Memorandum of Understanding and Service Level Agreement

    • MOU

      • Not legally binding

      • Sets some roles, expectations, timelines

      • Gentleman’s agreement

      • Can be an email

    • SLA

      • Contract

      • Legally binding

      • Describes deliverables

      • Describes how they are measured

      • Describes penalties
