Security Patch Management, Second Edition

Although the patch management process is neither exceedingly technical nor extremely complicated, it is still perceived as a complex issue that’s often left to the last minute or resolved with products that automate the task. Effective patch management is not about technology; it’s about having a formal process in place that can deploy patches to vulnerable systems quickly.

Helping you figure out exactly what to patch and which patches to use, Security Patch Management provides detailed guidance through the process of creating and implementing an effective and efficient patch management process. It uses a format that is easy-to-understand and applicable regardless of the operating system, network device, or patch deployment tool. The author illustrates the proper implementation of patches on devices and systems within various infrastructures to provide the insight required to:

• Design your own patch release process and keep it action ready
• Test the effectiveness of your patches
• Keep up with the latest patch releases
• Prioritize the vulnerabilities that need to be addressed
• Apply patches quickly and without draining essential network resources

This book supplies the tools and guidelines you need to stay one step ahead of the exploits on the horizon. It will help you establish a patch management process that not only protects your organization against zero-day attacks, but also helps you become more proactive when it comes to this critical facet of information security.

About the Author

Felicia Wetter (Nicastro) is Managing Director of the Ethical Hacking Center of Excellence (EHCOE) of BT Global Services. Felicia is responsible for managing the delivery of ethical hacking projects throughout North and South America. With a team of over 40 testers and managers, Felicia interacts with multiple types of clients on a regular basis to ensure that the penetration testing they are having performed provides them with the guidance and information they need to protect themselves from a malicious attack.

With over 12 years in the information security field, Felicia has covered almost every aspect of information security throughout her tenure, including developing and providing an organization with the policies and procedures required to maintain an appropriate security posture. Because of her experience, Felicia clearly understands the needs of an organization, from both a security and an end-user perspective and thus can provide solutions for her customers that allow them to accomplish the needs of the business and to obtain the security posture they desire.

In March 2003, Felicia authored a white paper for International Network Services (INS) titled "Security Patch Management—High-Level Overview of the Patch Management Process." Her article also was published in the November–December 2003 issue of Information Systems Security Journal. Although the importance of the process has remained the same, there have been some major accomplishments in patch management as well as the process, which are changed and expanded on in this book. Felicia earned a B.S. in management information systems from Stockton College in New Jersey. She is also trained as a Certified Information Systems Security Professional (CISSP), a Certified Information Systems Auditor (CISA), and as a Certified Health Insurance Portability and Accountability Act Security Professional (CHSP).