# Patch and Vulnerability Remediation Operations

One-sentence definition: Operational cadence to deploy fixes safely and quickly based on risk.

## Key Facts

- SLAs by severity/exposure; emergency vs normal windows.
- Test patches; staged rollouts; backout plans and snapshots.
- Cover OS, apps, firmware; track exceptions with end dates.
- Validate via rescans; report aging and compliance.
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Choose risk-based patching with verification, not “set and forget.”

**Mnemonic:** “**Patch, prove, proceed**.”

## Mini Scenario

Q: Critical vulnerability on an internet-facing system; vendor patch due in 5 days. Action?

A: Mitigate now (WAF rule, configuration change, isolation) and plan an expedited patch with verification.

## Revision Checklist

- SLA concept.
- Rollout safety.
- Verification step.

## Related

[[Change Management and CAB]] · [[Vulnerability Management Lifecycle]] · [[Configuration Management and Drift Control]] · [[Operational Metrics and KPIs (MTTD MTTR Coverage)]] · [[Incident Response Lifecycle (NIST-Style)]] · [[Domain 7 - Index]]