Identification of vulnerability will require a corporate organization to make a decision to implement changes for the email server to enhance an effective corporate network system. Process to Implement the Decision

Process to implement the decision is to set aside both financial and human resources. Organizations should set aside that sufficient financial resources, and skilled it personnel to carry out the implementation of the project. Personnel to carry out patch stability must possess expertise in critical system and capable of verifying stability of the system after the patch installation. However, before the installation of patch is carried out, there is a need to implement a full back up of all data as well as server configuration. A best practice for disaster recovery is to do a back up of data. Moreover, there is a need to create an Emergence Repair disk for the email server.

Process to Implement the Change Request

The process to implement the change request is to install patches in the email server. However, an organization should update the gateway before installing patches to address vulnerability in the email server. The process to implement the change process involves the following:

Creating organizational-specific patch database,

Testing patches,

Distributing vulnerability and patch information to system administrators

Verification of patch installation through host and network scanning,

Provide training for system administrators for the use of vulnerability databases,

Deploying patches automatically.

The important step is to train system administrators who will be responsible to the vulnerability database. Training will assist the organization...

The next important process is to perform an automatic deployment of patches using an automated distributed patch deployment. Using this strategy, an organization will be able to provide a maximum security for the mail server.
Identification of Method to Monitor the System.

"Information security continuous monitoring (ISCM) is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions" (Dempsey, Chawla, Johnson,. et al. 2011 P. 1).

Methods that an organization could use to monitor the system are as follows:

Maintaining situational awareness of the system across the organization;

Use of automation system to monitor the system to identify potential risks,

Installing Malware detection tool to perform periodic scans and detect vulnerability to the system entry and exit points,

Use of Information System Security Officer to constantly monitor the system.

Creating a policy to ensure that employee monitor threats,

Maintaining an understanding with employees about threats and threat activities;

Always assessing all security controls.

References

Mell, P & Tracy, M.C. (2002).Procedures for Handling Security Patches. NIST Special Publication 800-40.

Dempsey, K. Chawla, N.S. Johnson, a. et al. (2011). ISCM) (Information Security Continuous Monitoring) for Federal Information Systems and Organizations. National Institute of Standards & Technology.

SANS Institute. (2003).Practical Methodological Process for Implementing a Patch management Process. SANS Institute Reading Room.