Page 12 - 4-Level Funnel Diagram Design for PowerPoint

IT Change Management

Vulnerability

Zero-Day

• Zero-day refers to a vulnerability or weakness in a system that has been discovered but the vendor has not yet provided a formal remediation.
• Organizations should have a plan to address zero-day vulnerabilities because they may not be able to wait for a patch or other instructions for mitigation.
• Instead, the organization may need to immediately conduct a high-level threat analysis and implement a compensating control.

Responsibility

Management should understand how critical vulnerabilities are discovered and what process is followed to assess, test, and address weaknesses.

Third-Party Vendors

For organizations relying on third-party vendors for cloud application services, management should understand the vendor’s patch policy and how their vendors manage patches.
This information is typically found in service organization control (SOC) reports.