NIST Revises Software Patch Management Guide for Automated Processes

The National Institute of Standards and Technology (NIST) has published for public comment a revised draft of its guidance for managing computer patches to improve overall system security for large organizations.

There is increasing pressure across the information security industry to push organizations to perform security risk assessments touted by NIST. IT risk management is the application of risk management methods to information technology in order to manage IT risk, i.e.: The business risk associated with the use, ownership, operation, involvement, influence and adoption.
The previous version, issued as Creating a Patch and Vulnerability Management Program (NIST Special Publication 8. The guide has been updated for the automated security systems now in use, such as those based on NIST's Security Content Automation Protocol.

A . Many patches fix problems related to security. Hackers seek out these vulnerabilities to gain access to a computer and its information, which then can be used to gain access to other vulnerable computers and information. These compromised computers also can be used to attack other computers. To prevent these problems, patches need to be deployed to computer systems quickly to minimize the window of opportunity for attackers. But computer security professionals cannot necessarily just add the patch because of the disruption this might cause, such as inadvertently breaking other applications, causing computers to reboot during patch installation, or consuming all of a smartphone's monthly data allotment. Professionals need to follow a management process for identifying, acquiring, installing and verifying patches for products and systems.

Guide to Enterprise Patch Management Technologies is designed to assist organizations in understanding the basics of patch management technologies. It explains the importance of patch management and examines inherent challenges in performing this function. The guide also provides an overview of enterprise patch management technologies and briefly covers metrics for measuring the technologies' effectiveness and for comparing the relative importance of patches. The guide provides recommendations that organizations should implement to improve the effectiveness and efficiencies of their enterprise management technologies.
Organizations should: deploy enterprise patch management tools using a phased approach, reduce the risks associated with enterprise patch management tools by applying standard security techniques that should be used when deploying any enterprise-wide application, and balance security needs with their usability and availability needs.

The publication was created for security managers, engineers, administrators and others responsible for working with security patches. Auditors who need to assess the security of systems may also find the document valuable.

The draft of Guide to Enterprise Patch Management Technologies, NIST Special Publication 8. Revision 3, may be downloaded from http: //csrc. Comments on the draft should be submitted by Friday, Oct.