1st Edition

Curing the Patch Management Headache

By Felicia M. Wetter Copyright 2005
    284 Pages 14 B/W Illustrations
    by CRC Press

    A comprehensive security patch management process is one of the fundamental security requirements for any IT-dependent organization. Fully defining this process ensures that patches are deployed in an organized, staged manner, resulting in little or no slowdowns or downtime to network infrastructure. Until now, there were no technical books for companies to use as a starting point for deploying the process. Curing the Patch Management Headache responds to this demand by tying together all aspects of the subject into one easy-to-understand format that is applicable regardless of the operating system, network device, or patch deployment tool.

    This volume provides CISOs, CIROs, and IT directors and managers with the support and guidance that they need to integrate an effective patch management process into their environments. It emphasizes the importance of patch management and explains why having organizational support for the process drives successful implementation. The book details how patches should be implemented on devices and systems within an infrastructure, and how to distribute them in a timely manner.

    INTRODUCTION
    How to Use This Book
    Background
    Getting Started
    Types of Patches
    Product Vendors Responsibility

    VULNERABILITY TO PATCH TO EXPLOIT
    Who Exploits, When, Why and How
    Tracking New Patch Releases

    WHAT TO PATCH
    Desktops
    Remote Users
    Servers
    Network Devices

    NETWORK AND SYSTEMS MANAGEMENT: ITIL
    Network and Systems Management
    Starting with Process
    ITIL
    Assessing and Implementing IT Operations

    SECURITY MANAGEMENT
    Overview
    Preparing for Security Operations
    Establishing Security Operations
    Implementing Security Operations
    Next Steps

    VULNERABILITY MANAGEMENT
    What is Vulnerability Management?
    Vulnerability Management Process
    Establishing Vulnerability Management
    Next Steps

    TOOLS
    Process versus Tools
    Where to Use Them
    How to Determine Which One is Best
    Tools Evaluated

    TESTING
    Common Issues with Testing
    The Testing Process
    Patch Ratings and How They Affect Testing
    Prioritizing the Test Process
    The Test Lab
    Virtual Machines
    Wrapping It Up

    PROCESS LIFE CYCLE
    Roles and Responsibilities
    Analysis
    Remediation
    Update Operational Environment
    Tracking

    PUTTING THE PROCESS IN PLACE
    Plan
    Design
    Implement
    Operate
    Maintain
    Patch Management Policy

    ZERO-DAY ATTACK
    The scenario
    The solution
    Post Mortem

    CONCLUSION
    Challenges
    Next Steps

    Biography

    Felicia M. Wetter

    "Felicia has led the industry in addressing the problems patching systems represent, creating a comprehensive, process-oriented approach to gaining control over the security implications, as well as demonstrating a solution to managing the entire process… The framework Felicia is presenting herein can be applied to any size organization… It is my expectation that you will gain an enormous advantage from this book."
    Jim Tiller, CISM, CISA, CISSP, Chief Security Officer and Managing Vice President of Security Services for International Network Services (INS), from the Foreword