How important is patch management?

Posted by James Hill on Server Fault See other posts from Server Fault or by James Hill
Published on 2013-06-26T17:55:28Z Indexed on 2013/06/26 22:23 UTC
Read the original article Hit count: 346

Filed under:

security

|

windows-update

|

patch-management

|

software-update

|

risk-management

Problem

I'm trying to sell the idea of organizational patch/update management and antivirus management to my superiors. Thus far, my proposition has been met with two responses:

We haven't had any issues yet (I would add that we know of)
We just don't think it's that big of a risk.

Question

Are there any resources available that can help me sell this idea?

I've been told that 55-85% of all security related issues can be resolved by proper anti-virus and patch/update management but the individual that told me couldn't substantiate the claim. Can it be substantiated?

Additional Information

1/5 of our computers (the ones on the building) have Windows update turned on by default and anti-virus installed. 4/5 of our computers are outside corporate and the users currently have full control over anti-virus and Windows updates (I know this is an issue, one step at a time).

© Server Fault or respective owner

Related posts about security

sudo apt-get update errors

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Here is what I get on my terminal when running sudo apt-get update errors. I dont know if the issue is from my sources.list or my proxy setup(have not made any changes to proxies). Thank you for any help in advanced. Ign http://security.ubuntu.com oneiric-security Release.gpg Ign http://security… >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Devx - Search for 'Devx'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Internet.com - Search for 'Internet.com'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
StackOverFlowError while creating Mac object on AS400/Java

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello all, I am a newbie to AS400-Java programming. I am trying to create my first program to test the implementation of Message Authentication Code (MAC). I am trying to use the HMACSHA1 hash function. My (Java 1.4) program runs fine on a dev box (V5R4).But fails terribly on the QA box (V5R3). My… >>> More
Google App Engine - Spring Security Issue (java.security.AccessControlException)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm currently getting the AccessControlException below when I deploy to app engine (I don't see it when I run in my local environment). I'm using GAE 1.3.1, Spring 3.0.1, and Spring Security 3.0.2. Any ideas how to get around this issue? It appears to be an issue with Spring Security trying to get… >>> More

Related posts about windows-update

How to resolve Windows Update Error 8024402F on Windows 7 Home Premium 64bit?

as seen on Super User - Search for 'Super User'
I have been having the same problem with Windows Updates on 2 of my machines at home, both running Windows 7 Home Premium 64-bit. One of the 2 machines is a brand new install, the other has run Windows Update in the past, but is also not working now. When I manually check for updates using the Control… >>> More
Windows update doesn't list update details, only the number of updates

as seen on Server Fault - Search for 'Server Fault'
Hi all, My system is Vista Business 32 bits SP2. When I click "Windows update", I can see there are 2 available optional updates. If I click the link "2 optional updates are available" to see what the updates are, I get: http://leodip.s3.amazonaws.com/windows%5Fupdate2.PNG The details about the… >>> More
Windows Update when Group Policy Forbids

as seen on Super User - Search for 'Super User'
I am in the administrators group for my local Windows XP machine and I would like to get updates via http://update.microsoft.com/[1]. However, this is prevented via the group policy: Network policy settings prevent you from using this website to get updates for your computer. Is there anyway… >>> More
Windows update error: Code 80072F8F (possibly datetime-not-correct, but it is)

as seen on Server Fault - Search for 'Server Fault'
I have a Windows 2008 Server 64bit installation running as a virtual instance with a hosting provider. Windows Update has worked fine until IE8 (along with some other updates) managed to get installed (don't get me started). Now all of a sudden Windows Update fails to run and complains with error… >>> More
Windows Update for auto-complete filename in Explorer

as seen on Super User - Search for 'Super User'
OS: Windows XP SP3 Seems there is a Windows Update improves Explorer interface, adding auto-complete filename feature in open file dialogue, and when press F2 to rename file, the cursor will at filename(cursor here).txt instead of old way - filename.txt(cursor here). Does anyone know which update… >>> More