Author Description

Timely patching is critical to maintain the operational availability, confidentiality, and integrity of info. tech. (IT) systems. However, failure to keep OS and application software patched is the most common mistake made by IT prof'l's. New patches are released daily, and it is difficult for even experienced system admin. (SA) to keep abreast of all the new patches. Not all vulnerabilities have patches; thus, SA must not only be aware of vulnerabilities and patches, but also mitigate "unpatched" vulnerabilities through other methods. NIST recommends that org. have an explicit and documented patching and vulnerability policy and a systematic, accountable, and documented process for handling patches. Here are principles and methodologies for accomplishing this.