The objective of vulnerability and patch Management process is to keep the components that form part of information technology infrastructure (hardware, software and services) up to date with the latest patches and updates.
Vulnerability and patch management is an important part of keeping the components of the information technology infrastructure available to the end user. Without regular vulnerability testing and patching, the information technology infrastructure could fall foul of problems which are fixed by regularly updating the software, firmware and drivers. Poor patching can allow viruses and spyware to infect the network and allow security weaknesses to be exploited.
These rules apply to all components of the information technology infrastructure and includes:
All users have a role to play and a contribution to make by ensuring that they allow patches to be deployed to their equipment.
Without effective vulnerability and patch management there is the risk of the unavailability of systems. This can be caused by viruses and malware exploiting systems or by out of date software and drivers making systems unstable.
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. RULES APPLIED FOR PATCH AND VULNERABILITY MANAGEMENT
3.1 UP TO DATE INVENTORY
3.2 VULNERABILITY SCANNING
3.3 IDENTIFYING PATCHES TO BE APPLIED
3.4 TYPES OF PATCHES
3.5 ROLES AND RESPONSIBILITIES
3.6 REQUIREMENTS FOR NEW APPLICATIONS
4. STEPS IN THE APPLICATION OF THE PATCHES
4.2 APPROVAL PHASE
4.3 DEPLOY ON THE TEST MEDIA
4.4 ANALYSIS AND TESTING (SANITY CHECK)
4.5 APPLICATION IN PRODUCTION (GO LIVE)
4.6 MONITORING AND REPORTING
6. FINAL CONSIDERATIONS
6.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
6.2 DOCUMENT REVISION
7. ANNEX 1 – SEVERITY RATING
This bundle contains all the products listed in the Program Development and Change Management section. Take advantage of the 25% OFF when buying the bundle!
The objective of the Equipment Hardening Procedure is to ensure that the equipment used by the Company are addressed by an equipment hardening process for securing and consequently protecting the systems against unauthorized access, modification and disclosure.
Adequate Capacity Management Policy must be defined and implemented at the Company, in order to be possible to correctly monitor the performance of the existing or future Company systems, to forecast their future evolution and identify possible bottlenecks.