CISM Certified Information Security Manager – Question1230

Which of the following should be the FIRST step to ensure system updates are applied in a timely manner?

A.
Run a patch management scan to discover which patches are missing from each machine.
B. Create a regression test plan to ensure business operation is not interrupted.
C. Cross-reference all missing patches to establish the date each patch was introduced.
D. Establish a risk-based assessment process for prioritizing patch implementation.

Correct Answer: A