Pau Lo

<div>
<div class="content wysiwyg-content">
Are there any useful guides which break down into a set of best practices how to handle patching &amp;&nbsp;vulnerability management. Every time we look into it there's just links to commercial tools which you can use to scan for out of date software but whereas it will point out where you aren't doing so well (e.g. outdated software, unsupported software etc), what I am more after is some detailed best practices on how to manage the patching/remediation process in general, considerations that are needed to help define &amp;&nbsp;implement your policies and procedures around etc. If there is such a thing then that would be most helpful. &nbsp;I was going to look through PCI DSS as that is a set of expected controls with some detail rather than just links to an expensive vulnerability scanner or scanning service to tell you how bad/well you are doing.
</div>
</div>


Are there any useful guides which break down into a set of best practices how to handle patching & vulnerability management. Every time we look into it there's just links to commercial tools which you can use to scan for out of date software but whereas it will point out where you aren't doing so well (e.g. outdated software, unsupported software etc), what I am more after is some detailed best practices on how to manage the patching/remediation process in general, considerations that are needed to help define & implement your policies and procedures around etc. If there is such a thing then that would be most helpful.  I was going to look through PCI DSS as that is a set of expected controls with some detail rather than just links to an expensive vulnerability scanner or scanning service to tell you how bad/well you are doing.

patch/vulnerability management process

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Vulnerabilities

Network Management involves issues that are independent of specific hardware or software, including email policies, upgrade planning, backup scheduling and working with managed service providers for Desktop-As-A-Service (DaaS), Software-As-A-Service (SaaS) and the like through the use of tools, coupled with manufacturer standards, best practice guidelines, policies and procedures plus all other relevant documentation. Network management also includes monitoring, alerting and reporting, management reporting, planning for device or service updates, the backup of configurations, the setting of key performance indicators and measures (KPIs/KPMs), associated service level agreements and problem records as part of the IT Service Management (ITSM) framework.

Network Management

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.