Remediation

---

Remediation describes the corrective actions taken to address a problem or issue permanently.

• involves
  • replacing faulty hardware or software
  • or implementing new procedures to prevent similar issues
• requires using the outputs of root cause analysis to correctly identify the fix that prevents the issue from happening again
• e.g.,
  •  if an attack used a software or firmware exploit, the target system must be patched
  • Root cause analysis would seek to determine
    • why the systems were unpatched in the first place
    • how the attack was able to access the vulnerable systems
• recovery efforts focus on restoring things back to normal
• remediation describes how lessons learned and root cause analysis is incorporated into policies, procedures, and technological improvements to ensure the problem does not reoccur