Hopefully you have heard of, and are testing and/or applying, the recent Microsoft out-of-cycle patch for the Internet Explorer vulnerability that was exploited in the recent attacks on Google and other companies. If not, you need to consider how your organization and users are protected from this threat and others.
1. Level the patching field. Time-saver: Develop a patch priority list based on business criticality: Your business continuity/disaster recovery plan is a good starting place for establishing a hierarchy of patch deployments that will see the most critical exposures patched first, with lower risk or lower exposure vulnerabilities patched on a less fast-paced (and, ironically, less time-consuming) schedule.
2. Know which systems impose their own patch schedule. Time-saver: Maintain a list of critical systems’ regular maintenance and planned downtime schedules, and plan patch deployment accordingly, dealing with other more readily available systems in the meantime. Review and update system maintenance schedules (and their effect on other schedules) on a regular basis.
3. Know who needs to know and who signs off. Time-saver: Create and maintain a comprehensive patch deployment approval and sign-off path along with your systems inventory, including emergency and off-hour contact information for all personnel on the list.
4. Take time to test patches before going operational. Time-saver: Establish comprehensive patch test platforms, including platforms for new technologies and configurations ahead of time, and make their maintenance, readiness, and upgrades an ongoing part of your operations overhead and budget. Build a day of patch-test time into your patch deployment schedule.
What steps do you take to effectively manage patches for your organization? I think Dark Reading hit the nail on the head with this list. I urge you to go read the article in its entirety. Add your comments below.
Thanks for reading & let’s continue to be good network citizens!