Organizations identify information systems affected by announced software flaws, including potential vulnerabilities resulting from those flaws, and report this information to designated organizational personnel with information security responsibilities.
A security program provides the framework for keeping your company at a desired security level by assessing the risks you face, deciding how you will mitigate them, and planning for how you keep the program and your security practices up to date.
By incorporating flaw remediation into ongoing configuration management processes, required/anticipated remediation actions can be tracked and verified.
Flaw remediation actions that can be tracked and verified include, for example, determining whether organizations follow US-CERT guidance and Information Assurance Vulnerability Alerts.
: @orinthomas is a humor site, but its recent story "Revenge of the IT Guy" details five instances where someone who had been fired from the company was able to carry out a revenge plan that caused substantial organizational pain.
In almost all these cases, good administrator account deprovisioning policies would have saved the organization.