Watch this video on YouTube
During a security assessment, if an information security manager discovers missing security patches on a server hosting a critical business application, what should be the first course of action?