
Welcome to the Virus.Org Mailing List Archive


Re: Patch Management Policy

  • To: "Patch Management Mailing List" <[EMAIL PROTECTED]>
  • Subject: Re: Patch Management Policy
  • From: Jon Pitts <[EMAIL PROTECTED]>
  • Date: Sat, 10 Apr 2004 20:21:20 -0600
  • In-reply-to: <[EMAIL PROTECTED]>
  • References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
  • Reply-to: "Patch Management Mailing List" <[EMAIL PROTECTED]>
 
Here's a high-level view from NIST. Covers vulnerability assessment and
patching for all OS and network devices such as Cisco, etc.

NIST Special Publication 800-40
Procedures for Handling Security Patches
August 2002

Contents
1. Introduction
2. Creating and Implementing a Patching Process
3. Identifying Vulnerabilities and Applicable Patches
4. Gov't Vulnerability Identification Resources
5. Patching Procedures
6. Conclusion
Appendix

jon



 Hi Bill,

 I can't provide you with a template, but here is some priceless second-hand
 information you may find helpful in creating your own PM framework:

 You can Google "Remediator Security Digest To Force or Not Force a Patch" for
 a discussion on the pros and cons of various approaches.

 I think you may need to develop your own policy based on a few local factors,
 such as

 1. your organizational priorities
 2. your current security policy
 3. your available resources

 You may want to use "best practices" in patch management as a guide, and see
 where you can apply appropriate practices to your organization. Here's a few
 more Googles...

 Microsoft has a decent document..
 "Understanding Patch and Update Management:  Microsoft's Software Update
 Strategy"

 also a paper presented to SANS on Patch Management..(thank you Carla)
 "Patch Management as a Necessary Part of Defense In Depth"

 Windows and .Net Magazine
 Enterprise Patch Management for Windows


 You may also want to investigate some of the recent articles on competing
 Patch Management products. These articles compare feature sets, and are
 helpful in identifying what features are important for you. This is a recent
 thread so if you want, send me an email and I'll send you some links.

 best of luck,
 Jon


 Jon Pitts
 Systems Manager
 http://www.colorado.edu/research/gcrc/

 "when privacy is outlawed, only outlaws will have privacy"



 Quoting "Dean, Bill" <[EMAIL PROTECTED]>:

  I have been asked to develop a patch management policy for our
  organization. Can anyone tell me where I can find a good template for
  this? I checked SAN.org and the web, but have had no luck.

  Thanks

