How important is patch management?

Posted by James Hill on Server Fault See other posts from Server Fault or by James Hill
Published on 2013-06-26T17:55:28Z Indexed on 2013/06/26 22:23 UTC
Read the original article Hit count: 349

Problem

I'm trying to sell the idea of organizational patch/update management and antivirus management to my superiors. Thus far, my proposition has been met with two responses:

  1. We haven't had any issues yet (I would add that we know of)
  2. We just don't think it's that big of a risk.

Question

Are there any resources available that can help me sell this idea?

I've been told that 55-85% of all security related issues can be resolved by proper anti-virus and patch/update management but the individual that told me couldn't substantiate the claim. Can it be substantiated?

Additional Information

1/5 of our computers (the ones on the building) have Windows update turned on by default and anti-virus installed. 4/5 of our computers are outside corporate and the users currently have full control over anti-virus and Windows updates (I know this is an issue, one step at a time).

© Server Fault or respective owner

Related posts about security

Related posts about windows-update