Security Patch Management

by Felicia M. Nicastro


Product Details

ISBN-13: 9781439824993
Publisher: Taylor & Francis
Publication date: 04/26/2011
Pages: 284
Product dimensions: 6.10(w) x 9.30(h) x 0.80(d)

About the Author

Felicia Wetter (Nicastro) is Managing Director of the Ethical Hacking Center of Excellence (EHCOE) of BT Global Services. Felicia is responsible for managing the delivery of ethical hacking projects throughout North and South America. With a team of over 40 testers and managers, Felicia interacts with multiple types of clients on a regular basis to ensure that the penetration testing they are having performed provides them with the guidance and information they need to protect themselves from a malicious attack.

With over 12 years in the information security field, Felicia has covered almost every aspect of information security throughout her tenure, including developing the policies and procedures an organization needs to maintain an appropriate security posture. Because of this experience, Felicia understands the needs of an organization from both a security and an end-user perspective, and can therefore provide solutions that let her customers meet the needs of the business while achieving the security posture they desire.

In March 2003, Felicia authored a white paper for International Network Services (INS) titled "Security Patch Management—High-Level Overview of the Patch Management Process." The article was also published in the November–December 2003 issue of Information Systems Security Journal. Although the importance of the process has remained the same, there have since been major developments in patch management and in the process itself, which this book updates and expands on. Felicia earned a B.S. in management information systems from Stockton College in New Jersey. She is also a Certified Information Systems Security Professional (CISSP), a Certified Information Systems Auditor (CISA), and a Certified Health Insurance Portability and Accountability Act Security Professional (CHSP).

Table of Contents

How to Use This Book
Getting Started
Who Owns the Process?
People, Process, and Technology
Measuring Success
Next Steps
Types of Patches
Functionality Patches
Feature Patches
Security Patches
Product Vendor’s Responsibility

Vulnerability to Patch to Exploit
Who Exploits When, Why, and How
The Who
The When
The Why
The How
Tracking New Patch Releases
Resources for Information

What to Patch
Standard Build
User Awareness
Use of Tool
Remote Users
UNIX and Linux
Network Devices

Network and Systems Management: Information Technology Infrastructure Library
Network and Systems Management
Starting with Process
Service Support
Service Desk
Incident Management
Problem Management
Configuration and Asset Management
Change Management
Release Management
Service Delivery
Service-Level Management
Financial Management for IT Services
Performance and Capacity Management
IT Service Continuity Management
Availability Management
ICT Infrastructure Management
Security Management
Assessing and Implementing IT Operations
Assessing the IT Operations Capabilities
Designing an IT Operations Solution
Implementing an IT Operations Solution
Putting the IT Operations Solution into Action
Outsourcing to a Service Provider

Security Management
Security Operations
Preparing for Security Operations
Gather Requirements
Selecting the Tools
Establishing Security Operations
Methods of Implementation
Roles and Responsibilities
Implementing Security Operations
Incorporating Security into Operational Processes
Process Example
Next Steps

Vulnerability Management
Definition of Vulnerability Management
Vulnerability Management Process
Gather Data
Assess the Posture
Rinse and Repeat
Establishing Vulnerability Management
Next Steps

Process versus Tools
Where to Use Them
Asset Tracking
Patch Deployment
How to Determine Which One Is Best
Leveraging Existing Software
Supported Operating Systems
Agent-Based versus Agentless Software Products
Tools Evaluated
Conducting Comparisons

Common Issues with Testing
The Testing Process
Preinstall Activities
Patch Installation
Test Intended Purpose
Test Primary Uses
Test Secondary Uses
Testing Patch Back Out
Approving Deployment
Patch Ratings and How They Affect Testing
Prioritizing the Test Process
Externally Facing Hosts
Mission-Critical Hosts
Critical Users
Mobile Devices and Remote Users
Clients of Critical Hosts
Standard User Systems
Internal Network Devices
Dynamic Prioritization
The Test Lab
Virtual Machines
Wrapping It Up

Process Life Cycle
Roles and Responsibilities
Security Committee
Security Group
Operations Group
Network Operations Center
Analysis Phase of Patch Management
Monitoring and Discovery
Initial Assessment Phase
Impact Assessment Phase
Remediation Phase of Patch Management
Patch Course of Action
Patch Security Advisory
Testing the Patch
"Critical" Vulnerabilities
Use of a Standard Build
Updating the Operational Environment
Distributing the Patch
Implementation of Patches
Time Frame of Deployment
Exceptions to the Rule
Updating Remote Users
Tracking Patches
Patch Reporting

Putting the Process in Place
Preparing for the Process
Assessing Current State
Determine Requirements
Performing the Gap Analysis
Designing the Process
Assessing Network Devices and Systems
Implementation Phase
Standard Build
Implement the Tool
Piloting the Process
Moving the Process into Production
Update Design Based on Implementation
Operating the Process
Integration into Existing Processes
Updating Standard Builds
Implementation of New Servers
Day-to-Day Tool Operations
Deployment of Patches
Organizational Structure Changes
Operational Changes
Purchase of New or Additional Tool
Annual Basis
Patch Management Policy

Next Steps
