-
Information security book excerpts and reviews
Visit the Information Security Bookshelf for book reviews and free chapter downloads. Information Security Book
-
Patch management quiz answers
Security Quiz Answer
-
Prove your patching prowess
Is Patch Tuesday the bane of your existence? Take our quiz and learn best practices for better patch management. Security Quiz
-
Curing the Patch Management Headache: Common Issues with Testing
In this excerpt from Chapter 8 of Curing the Patch Management Headache, author Felicia M. Nicastro explains the importance of properly testing patches and the common challenges some organizations face. Book Chapter
-
Pitching patch: BigFix
Information Security maga
-
Pitching patch: RFP bakeoff
Information Security magazine asked vendors to propose a patch system for a fictional enterprise. Their responses reveal more than just their product spec sheets. Information Security maga
-
Infosec Know IT All Trivia: Patch management
Get up to speed on patch management with our trivia. Quiz
-
Patch Tuesday September 2013: Critical bulletins for Office, SharePoint, IE
The September 2013 Patch Tuesday releases included 13 bulletins from Microsoft, four deemed critical. News | 10 Sep 2013
-
Microsoft August 2013 Patch Tuesday offers three critical updates
The software giant issued three critical patches and 23 total fixes covering Windows, Internet Explorer and Exchange. News | 13 Aug 2013
-
July 2013 Patch Tuesday: Critical fixes, but in a lazy summer sort of way
July's Patch Tuesday found Microsoft rolling out seven patches, six of which are rated as critical. News | 09 Jul 2013
-
Office, 32-bit Windows fixes included in Patch Tuesday update
Microsoft offered five bulletins in June's Patch Tuesday updates, with a 19-vulnerability critical Internet Explorer patch and Windows Server 2008 fixes. News | 11 Jun 2013
-
Case Study: US supermarket chain solves security challenge virtually
A US supermarket chain has implemented an endpoint security system to secure legacy applications and to save additional development Case Study | 30 May 2013
-
May 2013 Patch Tuesday fixes IE8 zero day; Adobe tightens ColdFusion
The software giant's May 2013 Patch Tuesday update permanently fixes the IE8 zero-day flaw found in the Dept. of Labor website attack. News | 15 May 2013
-
Secunia: More focus needed on third-party application security
Secunia highlights the growing need for better third-party application security, plus Microsoft's security improvements, and the growing cost of zero-days. News | 14 Mar 2013
-
March 2013 Patch Tuesday brings Internet Explorer 8, 'evil maid' fixes
March's Patch Tuesday updates contain fixes for Internet Explorer 8 and a USB drive exploit. Plus, the company released non-security updates. News | 13 Mar 2013
-
Internet Explorer vulnerabilities fixed in December 2012 Patch Tuesday
Microsoft released seven security bulletins, addressing flaws in Internet Explorer, Word and Windows kernel-mode drivers. News | 11 Dec 2012
-
Patch Tuesday: Five critical bulletins, Exchange Server fix expected
In addition to Exchange Server, updates fix flaws in Internet Explorer, Microsoft Office and Microsoft Word. News | 06 Dec 2012
-
Software patching 2.0: Cutting costs with virtual patching, automation
Struggling to bring the cost of the patch management process down? Expert Michael Cobb suggests virtual patching and automated tools can play a role. Tip
-
Options for mitigating digital security certificate problems
Is your enterprise struggling with digital security certificate problems? Expert Nick Lewis discusses mitigations for digital certificate attacks. Tip
-
Windows MBSA scan demo: Conducting a Windows security review
In this screencast, Mike McLaughlin shows how a Windows MBSA scan can help determine client and server patch status during a Windows security review. Tip
-
Zero-day vulnerabilities and the patch management process: To test or not to test?
Learn whether it’s better to risk exposure and take time to test zero-day patches, or risk business disruption and patch without testing. Tip
-
How to test Windows operating system patches
Windows patch testing may be easy when it comes to applications like Outlook. Tom Chmielarski reviews how to test more difficult updates to the operating system. Tip
-
Use virtual patching to ease short-staffed patch management procedures
Virtual patching can serve as a quick way to deal with patch management procedures when short staffed. But how effective is virtual patching? Michael Cobb explains the pros and cons of virtual patching in this technical tip. Tip
-
Server Message Block Version 2 security in question: Disable or patch?
Nick Lewis reviews the recent vulnerability discovered in a popular Windows file-sharing and printing protocol. Yes, there's a patch, but should you deploy it, or simply disable SMBv2? Tip
-
Microsoft Baseline Security Analyzer: Do updates offer improved Windows security?
The Microsoft Baseline Security Analyzer has always been useful at scanning Windows environments for the presence or absence of security updates. Now, see how the latest version adds support for Windows Vista and Windows Server 2008 to its bag of tri... Tip
-
Database patch denial: How 'critical' are Oracle's CPUs?
A recent survey found that a considerable number of users are outright rejecting Oracle's Critical Patch Updates, perhaps suggesting database administrators feel comfortable with their security defenses or find Oracle's patches to be more of a nuisan... Tip
-
Worst practices: Encryption conniptions
Through the years, SearchSecurity.com's expert contributors have no doubt spent much of their time pointing out a variety of security best practices. But what about the worst practices? In honor of April Fools' Day, network security expert Mi... Tip
-
Adjusting third-party patch management after Flash updates move
Expert Michael Cobb details whether third-party patch management program changes are necessary after the Adobe Flash marriage to Patch Tuesday. Answer
-
How Microsoft security assessment tools can benefit your enterprise
Expert Michael Cobb explains how Microsoft security assessment tools can find and help your enterprise fix vulnerabilities in its Windows environment. Answer
-
Valuable third-party patch deployment software, tools
Do you know some of the best third-party patch deployment tools? See expert Michael Cobb's recommendations on which tools would work best for your enterprise. Ask the Expert
-
Is a full vulnerability disclosure strategy a responsible approach?
When it comes to vulnerability disclosure, is it responsible for an infosec research firm to release all the details of a flaw before patching measures are in place? Expert Nick Lewis examines the question in this response. Ask the Expert
-
Creating a third-party security policy to prevent a software exploit
Third-party software vulnerabilities are one of the most likely attack vectors in the information security landscape today. In this expert response, Nick Lewis discusses how to prevent these vulnerabilities from becoming exploits. Ask the Expert
-
What patch management metrics does Project Quant use?
In this Q&A, expert Michael Cobb reviews the open patch management metrics model called Project Quant. Ask the Expert
-
Should management processes change based on a patch release schedule?
Expert Michael Cobb explains why planned patch release schedules, though helpful, may alter the way you handle the deployment of your own updates. Ask the Expert
-
Should Windows Mobile updates come from Microsoft?
As mobile phones become more like mini PCs, they need similar add-on security tools and patch processes to keep them safe. Michael Cobb reviews how to manage Windows Mobile updates. Ask the Expert
-
How to manage patches for Adobe
If you're dealing with a continuous flow of patches, particularly from Adobe, application security expert Michael Cobb feels your pain. Ask the Expert
-
When is it suitable to remove Java updates?
In this expert response, Michael Cobb explains when older Java updates should be removed from client systems. Ask the Expert
-
attack vector
An attack vector is a path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious outcome. Definition
-
zero-day exploit
A zero-day exploit is one that takes advantage of a security vulnerability on the same day that the vulnerability becomes generally known...(Continued) Definition
-
Patch Tuesday
Patch Tuesday, also known as Black Tuesday, is the second Tuesday of each month, when Microsoft releases the newest fixes for its Windows operating system and related software applications. Definition
-
back door
A back door is a means of access to a computer program that bypasses security mechanisms. Definition
-
ethical worm
An ethical worm is a program that automates network-based distribution of security patches for known vulnerabilities. Definition
-
RSA 2013: Brad Arkin outlines state of Adobe security, update strategy
Video: Adobe software security chief Brad Arkin discusses how his firm is responding to the recent increase in zero-day flaws. Video
-
IT patch management best practices: Overcoming the challenges
This presentation on vulnerability and IT patch management best practices discusses the challenges of improving testing and deployment processes. Video
-
IE9 security, Apple security issues: Video with Gartner’s Neil MacDonald
In this video, Gartner’s Neil MacDonald discusses patch management, IE9 security, his Windows 8 security wish list and protecting Apple computers. Video
-
Adobe: Automatic updates and creating 'perfect' software
Brad Arkin discusses Adobe's addition of automatic update downloads for Reader and Acrobat, and why it took Adobe so long to offer automatic updates. Plus he tackles the feasibility of making "perfect" software. Video
-
Vulnerability mitigation study shows need for faster patching
Qualys CTO Wolfgang Kandek says vendors and administrators need to find ways to speed up the patching cycle. Video
About Security patch management and Windows Patch Tuesday news
Patch management can be a full-time job by itself. Get advice on how to install a patch, patch deployment, tools, and policy. Also learn how to protect systems, such as Microsoft Windows, from flaws and vulnerabilities with the latest Patch Tuesday updates and fixes.