A good patch management program includes elements of the following plans. Heres a sample policy you can modify for your organizations needs. A patch management policy should have a section detailing what must be done to ensure the security personnel know what to do in this situation. For example, you may want to ensure some systemsusers are patched more frequently and automatically than others the patching schedule for laptop end users may be weekly while patching for servers may be less. Given the current state of security, patch management can easily become overwhelming, which is why its a good idea to establish a patch management policy to define the necessary procedures and responsibilities. Patch management program management policies are codified as plans that direct company procedures. Key fingerprint af19 fa27 2f94 998d fdb5 de3d f8b5 06e4 a169 4e46. Failure to keep system components and other it resources patched securely and on a consistent basis ca. Vulnerability and patch management policy policies and procedures. Liaisons patch management policy and procedure provides the processes and guidelines necessary to. Liaisons patch management policy and procedure provides the processes and guidelines necessary. Inventory can be gathered manually or through automated discovery tools. Maintain the integrity of network systems and data by applying the latest operating system and application security updates patches in a timely manner establish a baseline methodology and timeframe for patching. This is critical to information security because security vulnerabilities are often widely known and exploited by the time that a patch is available from a software vendor.
Patch management policy creation create patching criteria by establishing what will be patched and when, under what conditions. October 2017 updates from cgr and split into two documents. As such, staying on top of patches is a foundational activity for any information technology environment. Patch management is the process of applying fixes and upgrades to software. Configuration management plan, patch management plan, patch testing, backuparchive plan, incident response plan, and disaster recovery plan. Patch management policy v1 2 document control author version date issued changes approval p. For example, many hosts might start downloading the same large patch or bundle of patches at the same time. Common examples are scripts, worms, viruses and trojan horses. In the microsoft patch management tutorial, learn about windows patch management policy, patch maintenance and post patch security as well as what tools you can use for patch management. This document establishes the vulnerability and patch management policy for the university of arizona. Below is an example of the contents that should be part of a patchmanagement policy. If you dont have such a policy in your organization, you can. Liaisons patch management policy and procedure provides the processes and guidelines. Recommended practice for patch management of control systems.
12 9 140 1579 1530 307 1344 1227 350 609 289 691 739 622 973 929 1061 1480 1012 102 173 853 931 268 1218 900 80 1109 1407 332 773 1146 200 1042 838 1000 845 955 249 504 585 1253 968 1295 278 1147 742 232