Approach patch management from a policy perspective

I am in charge of developing a patch management policy for our organization (about 450 users). Before I begin creating a patching framework specific to my environment, are there any specific factors I should take into consideration?

It's great that you are approaching the issue of patch management from a policy perspective first -- this is definitely one of the keys to success. For an organization of your size, I would not make the policy overly complicated. At a minimum, ensure the following issues are accounted for in your policy:

Proactively monitoring security issues and patch releases from key vendors

Prioritizing and scheduling patches in your environment

Testing patches in your environment before widespread rollout

Tracking changes and updates to your environment (change management)

Regularly auditing the environment to ensure compliance with general patch management guidelines

For further detail on these issues, see my white paper published on the patchmanagement.org site.

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

Other resources that should assist you with designing your policy include:

The NIST guide for handling patches

Microsoft's guidelines on the patch management process

Related Resources

The Total Economic Impact of Security-as-a-Service: Alert Logic –Alert Logic
IT Deal Alert Segment Descriptions –TechTarget
IT Deal Alert Sell Sheet –TechTarget
Magic Quadrant for Intrusion Detection and Prevention Systems –Alert Logic

Dig Deeper on Patches, alerts and critical updates

All
News
Get Started
Evaluate
Manage
Problem Solve

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Enterprise Desktop experts

View all Enterprise Desktop questions and answers

Spectre and Meltdown vulnerabilities show haste makes waste

Software patch/fix

New edition of Windows 10 to take on big data

Windows 10 Creators Update features fall short for IT

New edition of Windows 10 to take on big data

Windows 10 Creators Update features fall short for IT

Windows OS updates get simpler -- but there's a trade-off

Windows Intune helps strapped IT departments with desktop management

Software patch/fix

treemap

RoC (restart on crash)

Windows malware must be top endpoint security priority

Roll call! Take full stock of your desktop inventory

What are some of the biggest software patching myths?

Sysinternals still essential for desktop troubleshooting

Untangling the Gordian knot of the Windows boot process

What causes desktop login and boot times to spiral out of control?

IT can tackle Windows configuration with a well-planned desktop audit

Why a preinstalled application updater may not make life easier for IT

Schedule a software update rather than race automatic rapid deployment

Spectre and Meltdown vulnerabilities show haste makes waste

What causes desktop login and boot times to spiral out of control?

Roll call! Take full stock of your desktop inventory

What are some of the biggest software patching myths?

Please create a username to comment.

The go-to guide for managing VDI users

Buy the right desktop and application virtualization product

Understand the benefits of user profile management software

Azure PowerShell cmdlets monitor, manage VMs

Windows out-of-band patches overshadow April Patch Tuesday

Microsoft Project Honolulu shows promise but needs work

Cloud-based email security tools barricade entry to Exchange

Migrating public folders requires extensive planning

Using Microsoft Exchange certificates requires planning

Related Resources

Dig Deeper on Patches, alerts and critical updates

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.