IT Trenches

Jan 25 2010   6:12PM GMT

Check this out – 4 Steps for Trimming Patch Management Time

Troy Tate Profile: Troy Tate

Hopefully you have heard of and are testing and/or applying the recent Microsoft out-of-cycle patch for the Internet Explorer vulnerability that was exploited and the cause of recent attacks on Google and other companies. If not, you need to consider how your organization and users are protected from this threat and others.

One main way of protecting your organization is by applying patches. An article on Dark Reading proposes 4 Steps for Trimming Patch Management Time. Those steps summarized here are:

1. Level the patching field. Time-saver: Develop a patch priority list based on business criticality: Your business continuity/disaster recovery plan is a good starting place for establishing a hierarchy of patch deployments that will see the most critical exposures patched first, with lower risk or lower exposure vulnerabilities patched on a less fast-paced (and, ironically, less time-consuming) schedule.

2. Know which systems impose their own patch schedule. Time-saver: Maintain a list of critical systems’ regular maintenance and planned downtime schedules, and plan patch deployment accordingly, dealing with other more readily available systems in the meantime. Review and update system maintenance schedules (and their effect on other schedules) on a regular basis.

3. Know who needs to know and who signs off. Time-saver: Create and maintain a comprehensive patch deployment approval and sign-off path along with your systems inventory, including emergency and off-hour contact information for all personnel on the list.

4. Take time to test patches before going operational. Time-saver: Establish comprehensive patch test platforms, including platforms for new technologies and configurations ahead of time, and make their maintenance, readiness, and upgrades an ongoing part of your operations overhead and budget. Build a day of patch-test time into your patch deployment schedule.

What steps do you take to effectively manage patches for your organization? I think Dark Reading hit the nail on the head with this list. I urge you to go read the article in its entirety. Add your comments below.

Thanks for reading & let’s continue to be good network citizens!

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: