Nicastro | Security Patch Management | E-Book | www.sack.de
E-Book

E-Book, Englisch, 284 Seiten

Nicastro Security Patch Management


Erscheinungsjahr 2011
ISBN: 978-1-4398-2500-6
Verlag: Taylor & Francis
Format: PDF
 Kopierschutz: Adobe DRM (»Systemvoraussetzungen)

E-Book, Englisch, 284 Seiten

ISBN: 978-1-4398-2500-6
Verlag: Taylor & Francis
Format: PDF
 Kopierschutz: Adobe DRM (»Systemvoraussetzungen)

Although the patch management process is neither exceedingly technical nor extremely complicated, it is still perceived as a complex issue that’s often left to the last minute or resolved with products that automate the task. Effective patch management is not about technology; it’s about having a formal process in place that can deploy patches to vulnerable systems quickly.

Helping you figure out exactly what to patch and which patches to use, Security Patch Management provides detailed guidance through the process of creating and implementing an effective and efficient patch management process. It uses a format that is easy-to-understand and applicable regardless of the operating system, network device, or patch deployment tool. The author illustrates the proper implementation of patches on devices and systems within various infrastructures to provide the insight required to:

- Design your own patch release process and keep it action ready

- Test the effectiveness of your patches

- Keep up with the latest patch releases

- Prioritize the vulnerabilities that need to be addressed

- Apply patches quickly and without draining essential network resources

This book supplies the tools and guidelines you need to stay one step ahead of the exploits on the horizon. It will help you establish a patch management process that not only protects your organization against zero-day attacks, but also helps you become more proactive when it comes to this critical facet of information security.

Nicastro Security Patch Management jetzt bestellen!

Zielgruppe

Primary system engineers that are responsible for deploying patches throughout their organization, CISOs and IT directors and managers responsible for the patch management process, security and network operations staff.

Autoren/Hrsg.

Nicastro, Felicia M.

Fachgebiete

Weitere Infos & Material

Introduction

How to Use This Book

Background

Getting Started Who Owns the Process? People, Process, and Technology Measuring Success Next Steps

Types of Patches Functionality Patches Feature Patches Security Patches

Product Vendor’s Responsibility

Vulnerability to Patch to Exploit

Who Exploits When, Why, and How The Who The When The Why The How

Tracking New Patch Releases Resources for Information

What to Patch

Desktops Standard Build User Awareness Use of Tool

Remote Users Laptops

Servers Windows UNIX and Linux
Network Devices

Network and Systems Management: Information Technology Infrastructure Library
Network and Systems Management

Starting with Process

ITIL Service Support Service Desk Incident Management Problem Management Configuration and Asset Management Change Management Release Management Service Delivery Service-Level Management Financial Management for IT Services Performance and Capacity Management IT Service Continuity Management Availability Management ICT Infrastructure Management Security Management

Assessing and Implementing IT Operations Assessing the IT Operations Capabilities Designing an IT Operations Solution Implementing an IT Operations Solution Putting the IT Operations Solution into Action Outsourcing to a Service Provider

Security Management

Overview Security Operations

Preparing for Security Operations Gather Requirements Selecting the Tools

Establishing Security Operations Methods of Implementation Roles and Responsibilities

Implementing Security Operations Incorporating Security into Operational Processes Process Example

Next Steps

Vulnerability Management

Definition of Vulnerability Management

Vulnerability Management Process Monitor Gather Data Assess the Posture Remediate Rinse and Repeat

Establishing Vulnerability Management Assess Design Implement Review

Next Steps

Tools
Process versus Tools

Where to Use Them Asset Tracking Patch Deployment

How to Determine Which One Is Best Price Leveraging Existing Software Supported Operating Systems Agent-Based versus Agentless Software Products

Tools Evaluated Conducting Comparisons
Testing

Common Issues with Testing The Testing Process Preinstall Activities Patch Installation Test Intended Purpose Test Primary Uses Test Secondary Uses Testing Patch Back Out Approving Deployment

Patch Ratings and How They Affect Testing

Prioritizing the Test Process Externally Facing Hosts Mission-Critical Hosts Critical Users Mobile Devices and Remote Users Clients of Critical Hosts Standard User Systems Internal Network Devices Dynamic Prioritization

The Test Lab

Virtual Machines
Wrapping It Up

Process Life Cycle

Roles and Responsibilities Security Committee Security Group Operations Group Network Operations Center

Analysis Phase of Patch Management Monitoring and Discovery Initial Assessment Phase Impact Assessment Phase
Remediation Phase of Patch Management Patch Course of Action Patch Security Advisory Testing the Patch "Critical" Vulnerabilities Use of a Standard Build

Updating the Operational Environment Distributing the Patch Implementation of Patches Time Frame of Deployment Exceptions to the Rule Updating Remote Users

Tracking Patches Patch Reporting

Putting the Process in Place

Preparing for the Process Assessing Current State Determine Requirements Performing the Gap Analysis

Designing the Process Assessing Network Devices and Systems

Implementation Phase Standard Build Implement the Tool Piloting the Process Moving the Process into Production Update Design Based on Implementation

Operating the Process Integration into Existing Processes Updating Standard Builds Implementation of New Servers Day-to-Day Tool Operations Deployment of Patches

Maintain Organizational Structure Changes Operational Changes Purchase of New or Additional Tool Annual Basis

Patch Management Policy

Conclusion

Challenges

Next Steps

Index

Felicia Wetter (Nicastro) is Managing Director of the Ethical Hacking Center of Excellence (EHCOE) of BT Global Services. Felicia is responsible for managing the delivery of ethical hacking projects throughout North and South America. With a team of over 40 testers and managers, Felicia interacts with multiple types of clients on a regular basis to ensure that the penetration testing they are having performed provides them with the guidance and information they need to protect themselves from a malicious attack.

With over 12 years in the information security field, Felicia has covered almost every aspect of information security throughout her tenure, including developing and providing an organization with the policies and procedures required to maintain an appropriate security posture. Because of her experience, Felicia clearly understands the needs of an organization, from both a security and an end-user perspective and thus can provide solutions for her customers that allow them to accomplish the needs of the business and to obtain the security posture they desire.

In March 2003, Felicia authored a white paper for International Network Services (INS) titled "Security Patch Management—High-Level Overview of the Patch Management Process." Her article also was published in the November–December 2003 issue of Information Systems Security Journal. Although the importance of the process has remained the same, there have been some major accomplishments in patch management as well as the process, which are changed and expanded on in this book. Felicia earned a B.S. in management information systems from Stockton College in New Jersey. She is also trained as a Certified Information Systems Security Professional (CISSP), a Certified Information Systems Auditor (CISA), and as a Certified Health Insurance Portability and Accountability Act Security Professional (CHSP).

Ihre Fragen, Wünsche oder Anmerkungen
Vorname*
Nachname*
Ihre E-Mail-Adresse*
Kundennr.
Ihre Nachricht*
Lediglich mit * gekennzeichnete Felder sind Pflichtfelder.
Wenn Sie die im Kontaktformular eingegebenen Daten durch Klick auf den nachfolgenden Button übersenden, erklären Sie sich damit einverstanden, dass wir Ihr Angaben für die Beantwortung Ihrer Anfrage verwenden. Selbstverständlich werden Ihre Daten vertraulich behandelt und nicht an Dritte weitergegeben. Sie können der Verwendung Ihrer Daten jederzeit widersprechen. Das Datenhandling bei Sack Fachmedien erklären wir Ihnen in unserer Datenschutzerklärung.