Re: Patch Management Policy

[Jon Pitts <[EMAIL PROTECTED]>]

Hi Bill,

I can't provide you with a template, but here is some priceless second-hand
information you may find helpful in creating your own PM framework:

You can Google "Remediator Security Digest To Force or Not Force a Patch" for
a discussion on the pro's and con's of various approaches.

I think you may need to develop your own policy based on a few local factors,
such as

1. your organizational priorities
2. your current security policy
3. your available resources

You may want to use "best practices" in patch management as a guide, and see
where you can apply appropriate practices to your organization. Here's a few
more Googles...

Microsoft has a decent document..
"Understanding Patch and Update Management:  Microsoft?s Software Update
Strategy"

also a paper presented to SANS on Patch Management..(thank you Carla)
"Patch Management as a Necessary Part of Defense In Depth"

Windows and .Net Magazine
Enterprise Patch Management for Windows


You may also want to investigate some of the recent articles on competing
Patch Management products. These articles compare feature sets, and are
helpful in identifying what features are important for you. This is a recent
thread so if you want, send me an email and i'll send you some links.

best of luck,
Jon


Jon Pitts
Systems Manager
http://www.colorado.edu/research/gcrc/

"when privacy is outlawed, only outlaws will have privacy"



Quoting "Dean, Bill" <[EMAIL PROTECTED]>:

 I have been asked to develop a patch management policy for our
 organization. Can anyone tell me where I can find a good template for
 this? I checked SAN.org and the web, but have had no luck.

 Thanks








 ---
 To unsubscribe send a blank email to [EMAIL PROTECTED]



---
To unsubscribe send a blank email to [EMAIL PROTECTED]