Approach patch management from a policy perspective

I am in charge of developing a patch management policy for our organization (about 450 users). Before I begin creating a patching framework specific to my environment, are there any specific factors I should take into consideration?

It's great that you are approaching the issue of patch management from a policy perspective first -- this is definitely one of the keys to success. For an organization of your size, I would not make the policy overly complicated. At a minimum, ensure the following issues are accounted for in your policy:

Proactively monitoring security issues and patch releases from key vendors

Prioritizing and scheduling patches in your environment

Testing patches in your environment before widespread rollout

Tracking changes and updates to your environment (change management)

Regularly auditing the environment to ensure compliance with general patch management guidelines

For further detail on these issues, see my white paper published on the patchmanagement.org site.

Other resources that should assist you with designing your policy include:

The NIST guide for handling patches

Microsoft's guidelines on the patch management process

Related Resources

A Computer Weekly buyer's guide to desktop computing 2020 –ComputerWeekly.com
Architecting for the future: The benefits of running Windows workloads on AWS –DMI Inc

Dig Deeper on Windows applications

How can platform firmware be protected from attacks? The NIST published guidance on building up platform firmware resiliency. Expert Judith Myerson looks at the NIST guidelines and the major takeaways for enterprises.

What the end of hot patching mobile apps means for enterprise security Apple now restricts mobile app developers from using hot patching, as the technique can change app behavior after it is reviewed. Expert Kevin Beaver goes over enterprise concerns.

Ways to adapt to Microsoft patching changes Microsoft's switch to rollup patching makes it imperative for administrators to streamline the update process for Windows Server systems.

Session Coverage: Best Practices for Maintaining Oracle Fusion Middleware This is part of a series covering sessions at Oracle OpenWorld and JavaOne, 2015 This was a good session for new or intermediate users of Oracle's Fusion middleware. One of the first things Ramirez ...

How to handle a virtual attack Make sure your comprehensive security design also includes an incident policy to help react to an online security breach.

Cloud management platforms key for cloud security A new breed of tools eases the complexities of managing cloud infrastructures, including security.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Enterprise Desktop experts

View all Enterprise Desktop questions and answers

Approach patch management from a policy perspective

Dig Deeper on Windows applications

Have a question for an expert?

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchVirtualDesktop

Benefits of virtualization highlighted in top 10 stories of 2019

VMware vs. Citrix: VDI security showdown

Understand VDI market shifts from traditional VDI to cloud

SearchWindowsServer

What admins need to know about Azure Stack HCI

How to manage Exchange hybrid mail flow rules

How to repair Windows Server using Windows SFC and DISM

Related Resources

Dig Deeper on Windows applications

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.