Title: Patch Management Solution

The patch management plan outlined here rests on the fact that not all known vulnerabilities have had their mitigating patches released, so there is also a need to counter any unpatched vulnerabilities.

The first step of the plan is to identify and implement an automated patch management system for all the servers that best suits the needs of the company. The personnel involved should also be adequately trained in patch management. The system will be used in addition to normal business vulnerability scanning routines.

The firm will use professionally recommended tools or other industry-accepted automated patch management software. The system administrator will then issue a certificate to show that the patches have been applied. The patches will be applied twice a month, hence two certificates will be issued each month (Felicia, 2011).

Prior to deployment, the patches will be tested on test equipment that the company does not use commercially. Any issues arising will be directed to the system administrator. The system administrator will also be required to subscribe to newsletters and feeds from the Microsoft patch centre. This will keep him/her up to date when any new patches and security warnings are issued.

Since the number of personnel that can be utilised is limited, the patches will be applied using a set of predetermined patch prioritization criteria. The most critical patches will be deployed first, followed by the rest in descending order. Patching of servers will take priority over patching of end-user systems. Due diligence will be taken to ensure that automatic patch deployment is applied to the correct target machine.

After patch installation, verification will be done by the system administrator through host and network vulnerability scanning (Felicia, 2011).
Implementing a patch management solution will ease this task, since such solutions generate reports on the whole patch deployment process.

There will be monthly vulnerability scanning to identify systems not yet patched. Tests will also be carried out to ensure total compliance of patch deployment across all servers and workstations.

Any identified vulnerabilities and patches that for any reason cannot be updated through the automated patch management system will be well documented in an ad hoc report and corrected (Priscilla, 2004).

As part of the plan, each member of personnel will be assigned roles with regard to patch management. These roles will include monthly reporting of patch management status, adequate training of all relevant personnel on the policies and procedures to be implemented in the plan, and the completion of patch management certification forms, amongst other roles.

Further, a database of all enterprise hardware and software inventory will be created and maintained by the system administrator. A database containing information on all required and deployed patches will also be maintained for internal control and reporting purposes.

Any exceptions to these policies will require a formal request to the system administrator. They will only be considered in unavoidable circumstances such as implementation timeframe, amongst others. Approved exceptions will be short term and subject to continuous reporting until the issues are solved or until the allowable time limit of two weeks is reached.

The role of Patch Management Officer will be created; this officer will be responsible for designating roles and duties to other personnel.

Because zero-day exploits are discovered frequently and at random, deviations from the plan of deploying patches twice a month may be deemed necessary.
Discovery of zero-day exploits necessitates deploying patches to all the servers as soon as possible. A patch management system handles such scenarios efficiently.

Since one can never be too cautious, the patch management system logs will be verified on a regular basis. Periodic scans will also be carried out to ensure that all servers are patched and newly added systems are fully up to date.

Redundancy will also be deployed to a great extent. Having it for all critical services will reduce the time spent on patching, which also improves work. In addition, it makes it quicker and easier to correct a patch deployment that goes wrong. Overlapping DHCP scopes and redundant domain controllers will be identified and used.

References

Felicia Nicastro (2011). , Boca Raton, Florida: CRC Press.

Priscilla Oppenheimer (2004). Indianapolis: Cisco Press.