
Curing the Patch Management Headache

1st Edition

By Felicia M. Wetter

CRC Press

288 pages | 14 B/W Illus.

Hardback: 9780849328541
pub: 2005-02-18
eBook (VitalSource) : 9780429117091
pub: 2005-02-18

Description

A comprehensive security patch management process is one of the fundamental security requirements for any IT-dependent organization. Fully defining this process ensures that patches are deployed in an organized, staged manner, resulting in little or no slowdown or downtime for the network infrastructure. Until now, there were no technical books for companies to use as a starting point for deploying the process. Curing the Patch Management Headache responds to this demand by tying together all aspects of the subject into one easy-to-understand format that is applicable regardless of the operating system, network device, or patch deployment tool.

This volume provides CISOs, CIROs, and IT directors and managers with the support and guidance that they need to integrate an effective patch management process into their environments. It emphasizes the importance of patch management and explains why having organizational support for the process drives successful implementation. The book details how patches should be implemented on devices and systems within an infrastructure, and how to distribute them in a timely manner.

Reviews

"Felicia has led the industry in addressing the problems patching systems represent, creating a comprehensive, process-oriented approach to gaining control over the security implications, as well as demonstrating a solution to managing the entire process… The framework Felicia is presenting herein can be applied to any size organization… It is my expectation that you will gain an enormous advantage from this book."

Jim Tiller, CISM, CISA, CISSP, Chief Security Officer and Managing Vice President of Security Services for International Network Services (INS), from the Foreword

Table of Contents

INTRODUCTION

How to Use This Book

Background

Getting Started

Types of Patches

Product Vendors Responsibility

VULNERABILITY TO PATCH TO EXPLOIT

Who Exploits, When, Why and How

Tracking New Patch Releases

WHAT TO PATCH

Desktops

Remote Users

Servers

Network Devices

NETWORK AND SYSTEMS MANAGEMENT: ITIL

Network and Systems Management

Starting with Process

ITIL

Assessing and Implementing IT Operations

SECURITY MANAGEMENT

Overview

Preparing for Security Operations

Establishing Security Operations

Implementing Security Operations

Next Steps

VULNERABILITY MANAGEMENT

What is Vulnerability Management?

Vulnerability Management Process

Establishing Vulnerability Management

Next Steps

TOOLS

Process versus Tools

Where to Use Them

How to Determine Which One is Best

Tools Evaluated

TESTING

Common Issues with Testing

The Testing Process

Patch Ratings and How They Affect Testing

Prioritizing the Test Process

The Test Lab

Virtual Machines

Wrapping It Up

PROCESS LIFE CYCLE

Roles and Responsibilities

Analysis

Remediation

Update Operational Environment

Tracking

PUTTING THE PROCESS IN PLACE

Plan

Design

Implement

Operate

Maintain

Patch Management Policy

ZERO-DAY ATTACK

The scenario

The solution

Post Mortem

CONCLUSION

Challenges

Next Steps

Subject Categories

BISAC Subject Codes/Headings:
BUS087000: BUSINESS & ECONOMICS / Production & Operations Management
COM032000: COMPUTERS / Information Technology
COM043000: COMPUTERS / Networking / General
COM053000: COMPUTERS / Security / General