284 Pages
14 B/W Illustrations
by
CRC Press
288 Pages
A comprehensive security patch management process is one of the fundamental security requirements for any IT-dependent organization. Fully defining this process ensures that patches are deployed in an organized, staged manner, resulting in little or no slowdowns or downtime to network infrastructure. Until now, there were no technical books for companies to use as a starting point for deploying...
INTRODUCTION
How to Use This Book
Background
Getting Started
Types of Patches
Product Vendors Responsibility
VULNERABILITY TO PATCH TO EXPLOIT
Who Exploits, When, Why and How
Tracking New Patch Releases
WHAT TO PATCH
Desktops
Remote Users
Servers
Network Devices
NETWORK AND SYSTEMS MANAGEMENT: ITIL
Network and Systems Management
Starting with Process
ITIL
Assessing and Implementing IT Operations
SECURITY MANAGEMENT
Overview
Preparing for Security Operations
Establishing Security Operations
Implementing Security Operations
Next Steps
VULNERABILITY MANAGEMENT
What is Vulnerability Management?
Vulnerability Management Process
Establishing Vulnerability Management
Next Steps
TOOLS
Process versus Tools
Where to Use Them
How to Determine Which One is Best
Tools Evaluated
TESTING
Common Issues with Testing
The Testing Process
Patch Ratings and How They Affect Testing
Prioritizing the Test Process
The Test Lab
Virtual Machines
Wrapping It Up
PROCESS LIFE CYCLE
Roles and Responsibilities
Analysis
Remediation
Update Operational Environment
Tracking
PUTTING THE PROCESS IN PLACE
Plan
Design
Implement
Operate
Maintain
Patch Management Policy
ZERO-DAY ATTACK
The scenario
The solution
Post Mortem
CONCLUSION
Challenges
Next Steps
Biography
Felicia M. Wetter
"Felicia has led the industry in addressing the problems patching systems represent, creating a comprehensive, process-oriented approach to gaining control over the security implications, as well as demonstrating a solution to managing the entire process… The framework Felicia is presenting herein can be applied to any size organization… It is my expectation that you will gain an enormous advantage from this book."
Jim Tiller, CISM, CISA, CISSP, Chief Security Officer and Managing Vice President of Security Services for International Network Services (INS), from the Foreword






