Set a patching policy. Although many organizations have robust policies, most policy frameworks don't require system administrators to keep up with current patches. Make patching mandatory, and define a timeframe within which critical patches must be deployed.
Implement a patch-management system. Without automation, small organizations struggle with patching efforts, while large enterprises have little hope of staying current. Patch-automation tools and desktop-management systems are crucial elements in reducing risk.
Implement a vulnerability-assessment effort. VA is necessary not only to identify existing vulnerabilities, but also to serve as the compliance-monitoring arm. Systems should be monitored to ensure that policies have been followed and timely patching has been performed.
Keep abreast of threats. Subscribing to alert services, such as Network Computing's Security Alert Consensus newsletter (portal.sans.org/nwc), will help you understand and manage operating vulnerabilities.
Integrate security into design and purchasing cycles. Smart organizations will be proactive in deploying secure products. Do this right the first time and you will spend less time dealing with future security shortcomings, which will translate directly into cost savings.
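The compliance-monitoring check described under vulnerability assessment, measuring each system's patch status against the deployment deadlines the patching policy is asked to set, as an added example that is not from the article. The host names, advisory ids, inventory records and SLA day counts are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Constructed policy (not from the article): maximum days allowed between
# the vendor's advisory release and deployment, by severity.
POLICY_SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 90}

@dataclass
class PatchRecord:
    host: str
    advisory: str              # placeholder advisory id, constructed
    severity: str
    released: date             # vendor release date of the patch
    installed: Optional[date]  # None means not yet deployed

def assess(records, today):
    """Classify each record as compliant, late, overdue or pending.

    Returns (host, advisory, status, days_past_deadline) tuples; 'late' means
    installed after the policy deadline, 'overdue' means still missing after it.
    """
    findings = []
    for r in records:
        deadline = r.released + timedelta(days=POLICY_SLA_DAYS[r.severity.lower()])
        if r.installed is None:
            status = "overdue" if today > deadline else "pending"
            overdue = (today - deadline).days if status == "overdue" else 0
        else:
            status = "late" if r.installed > deadline else "compliant"
            overdue = (r.installed - deadline).days if status == "late" else 0
        findings.append((r.host, r.advisory, status, overdue))
    return findings

def noncompliant_hosts(findings):
    """Hosts with at least one late or overdue patch, sorted for the report."""
    return sorted({f[0] for f in findings if f[2] in ("late", "overdue")})

# Constructed sample inventory, as a VA or desktop-management tool might export it.
SAMPLE = [
    PatchRecord("web01", "ADV-0001", "critical", date(2024, 3, 1), date(2024, 3, 5)),
    PatchRecord("web02", "ADV-0001", "critical", date(2024, 3, 1), None),
    PatchRecord("db01", "ADV-0002", "high", date(2024, 2, 1), date(2024, 3, 10)),
    PatchRecord("db01", "ADV-0003", "low", date(2024, 3, 10), None),
]

def sample_report(today=date(2024, 3, 20)):
    """Run the check over the constructed inventory for a fixed audit date."""
    return assess(SAMPLE, today)
```

Feeding the same function a real export from the patch-management system, rather than the constructed SAMPLE, gives the evidence the policy's compliance arm needs.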