- Install software patches, updates, and hot fixes in a timely manner to close security holes and potential vulnerabilities. The goal is to implement a robust software patch management process, which is important in reducing vulnerabilities in an information system. Because patches greatly affect the secure configuration of an information system, the patch management process should be integrated into configuration management at a number of points, as follows:
  - Perform security impact analysis of patches
  - Test and approve patches as part of the configuration change control process
  - Update baseline configurations to include current patch level
  - Assess patches to ensure they were implemented properly
  - Monitor systems/components for current patch status
- Understand zero-day exploits and zero-day incidents (attacks). Zero-day exploits (i.e., actual code that can use a security vulnerability to carry out an attack) are used or shared by attackers before the software vendor fixes those exploits. A zero-day ...
Get Wiley CIAexcel Exam Review 2014 Focus Notes: Part 3, Internal Audit Knowledge Elements now with the O’Reilly learning platform.