Numara

NUMARA Patch Manager: A Practical Guide To Building An Effective Patch Management Process


By Tony Thomas, Senior Network Engineer and Product Manager, Numara™ Software Inc.

INTRODUCTION
Policies and procedures provide the framework for implementing and maintaining organizational actions specific to information system vulnerabilities and security patching. Effective policies and procedures support the initiatives and actions needed to secure affected systems and keep them secure. The process under which these actions occur is called patch management.

Timely patching of every organization’s information technology systems is critical to maintaining the operational availability, confidentiality, and integrity of information assets. Failure to keep operating system and application software patched increases the potential risk of serious financial, legal and reputational losses due to information compromise. Losses may result if such assets are compromised as a result of an Internet worm, virus outbreak, or a hacker gaining access through exploitation of unpatched (or otherwise poorly protected) system vulnerabilities.

For an organization to succeed at effectively managing its system patching, executive management, working with security managers who operate the program, must initiate and support an organization-wide Security Vulnerability and Patch Management Program. This document presents the essential elements for an effective Security Vulnerability and Patch Management Program.


Purpose
This document will assist individuals who have been assigned the task of establishing a patch management strategy or who have identified the need for one. It details methods and approaches to effectively implement a sound patch management process. As stated on page 3, executive support for these programs is absolutely critical to ensure their operational success.


ACHIEVING MANAGEMENT SUPPORT
Prior to implementing any organizational security initiative, executive support must be gained for the project. Without such support, efforts carry none of the weight of other organizational requirements. If such support does not exist in the organization, executive support must be sought.

Prior to obtaining support, the project driver must build a strong case to present to executive management. Building a strong business case is the best way to address the needs of executives: proving that patch management directly impacts the bottom line. Obtaining executive support increases the chances for success of an effective patch management program.

Available executive support provides the necessary backbone for ongoing patch management efforts.


Building the Business Case
Building a business case for patch management is the most crucial step to obtaining executive support. Executives need to see the cost versus benefit of any initiative and how the initiative impacts the business’s bottom line. The following flowchart illustrates a recommended approach to building a strong case for patch management and vulnerability mitigation:


