Scheduled System Maintenance:
On May 6th, single article purchases and IEEE account management will be unavailable from 8:00 AM - 5:00 PM ET (12:00 - 21:00 UTC). We apologize for the inconvenience.
By Topic

Reducing Internet-based intrusions: Effective security patch management

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Brykczynski, B. ; Software Productivity Consortium, Herndon, VA, USA ; Small, R.A.

The Software Productivity Consortium (the Consortium) has been investigating methods for improving and measuring four essential defenses against Internet-based threats: security patch management, system and application hardening, network reconnaissance and enumeration, and tools against malicious software. These defenses increasingly are critical to an organization's information security posture and should be implemented in an effective, systematic, and repeatable fashion. Senior-level managers or executives should review process measurement data regularly to ensure that these defenses are being performed properly and to provide an objective basis for organizational improvement. This article focuses on lessons learned implementing improvements in the first of these defenses, security patch management, and is derived largely from pilot projects conducted in collaboration with Consortium members. The need for improved security patch management figured prominently in the recent draft cyber security strategy issued by the White House. The practices examined in this article can assist organizations in substantially reducing the risk from Internet-based compromises.

Published in:

Software, IEEE  (Volume:20 ,  Issue: 1 )