Journal Article10.1109/MS.2003.1159029
Reducing Internet-based intrusions: Effective security patch management
B. Brykczynski,R.A. Small +1 more
48
TL;DR: The Software Productivity Consortium (the Consortium) has been investigating methods for improving and measuring four essential defenses against Internet-based threats: security patch management, system and application hardening, network reconnaissance and enumeration, and tools against malicious software as discussed by the authors.
read more
Abstract: The Software Productivity Consortium (the Consortium) has been investigating methods for improving and measuring four essential defenses against Internet-based threats: security patch management, system and application hardening, network reconnaissance and enumeration, and tools against malicious software. These defenses increasingly are critical to an organization's information security posture and should be implemented in an effective, systematic, and repeatable fashion. Senior-level managers or executives should review process measurement data regularly to ensure that these defenses are being performed properly and to provide an objective basis for organizational improvement. This article focuses on lessons learned implementing improvements in the first of these defenses, security patch management, and is derived largely from pilot projects conducted in collaboration with Consortium members. The need for improved security patch management figured prominently in the recent draft cyber security strategy issued by the White House. The practices examined in this article can assist organizations in substantially reducing the risk from Internet-based compromises.
read more
Chat with Paper
AI Agents for this Paper
Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps
Citations
Measuring, analyzing and predicting security vulnerabilities in software systems
TL;DR: This work investigates if it is possible to predict the number of vulnerabilities that can potentially be present in a software system but may not have been found yet, and indicates that the values of vulnerability densities fall within a range of values, just like the commonly used measure of defect density for general defects.
262
Information security strategies: towards an organizational multi-strategy perspective
TL;DR: A qualitative study to determine how organizations implement security strategies to protect their information systems in Korea reveals a deeply entrenched preventive mindset, driven by the desire to ensure availability of technology and services, and a comparative ignorance of exposure to business security risks.
Application of Vulnerability Discovery Models to Major Operating Systems
TL;DR: Six models that have been recently proposed are analyzed, and those using actual data for four major operating systems are evaluated, showing that some of the models tend to capture the discovery process better than others.
Modeling the vulnerability discovery process
Omar H. Alhazmi,Yashwant K. Malaiya +1 more
- 08 Nov 2005
TL;DR: The models for the vulnerability discovery process are examined both analytically and using actual data on vulnerabilities discovered in three widely-used systems.
Patent
Patch management system
David Felts
- 06 Oct 2006
TL;DR: In this article, a patch management system can be used for maintaining patches downloaded for software, which can ensure that there are no conflicts between the installed patches, and can also be used to ensure the integrity of the downloaded patches.
105
References
•Book
The Balanced Scorecard: Translating Strategy into Action
Robert S. Kaplan,David P. Norton +1 more
- 01 Jan 1996
TL;DR: The Balanced Scorecard approach retains traditional financial measures which reflect past organizational acheivements, but adds three new measures of future performance found necessary in this information age with its focus on customer relationships and long-term capabilities: customer, internal business process and learning and growth.
8.1K
Building secure software: how to avoid security problems the right way
TL;DR: This book defines a wide range of techniques which may be used for use case modeling, and gives the bnsinc~-oriented software analyst a variety of advanced approaches which also comply with the UML specification.
704
•Proceedings Article
Timing the Application of Security Patches for Optimal Uptime
Steve Beattie,Seth R. Arnold,Crispin Cowan,Perry Wagle,Chris Wright,Adam Shostack +5 more
- 08 Nov 2002
TL;DR: A model is presented that will help provide a formal foundation for when the practitioner should apply security updates, providing both mathematical models of the factors affecting when to patch and collecting empirical data to give the model practical value.
Managing vulnerabilities in networked systems
TL;DR: The Common Vulnerabilities and Exposures (CVE) initiative seeks the adoption of a common naming practice for describing software vulnerabilities, which will be included within security tools and services and on the fix sites of commercial and open source software package providers.
Related Papers (5)
Adam Gordon
- 08 Apr 2015
E. Rescorla
- 01 Jan 2005
Mohammad Reza Razian,Hasan Mokhtari Sangchi +1 more
- 22 Dec 2014