7 Examples of Patch Management

Patch management is the process of applying fixes and upgrades to software. This is critical to information security because security vulnerabilities are often widely known and exploited by the time that a patch is available from a software vendor. As such, staying on top of patches is a foundational activity for any information technology environment. The following are common examples of patch management.

Vulnerability Monitoring

Monitoring current vulnerabilities and threats to your software environment and pushing vendors for patches. By contrast, many firms have no idea that a vulnerability exists until a vendor notifies them of a patch. In the worst case, a firm is oblivious to vulnerabilities or patches until it has a problem or hears about a problem in the media.

Patch Analysis

Evaluating a patch to identify and manage risks. In many cases, vendors bundle new features with a patch that may have business impacts. Some security patches are rushed out the door such that they contain bugs or vulnerabilities. It is also possible for a "patch" to completely rearchitect a product such that it has widespread implications for the performance, functions and customizations of software.

Patch Planning

Developing a plan to implement the patch. This may address complex dependencies. For example, if you upgrade firmware, you may need to upgrade an operating system, which may in turn require updates to applications, and so forth. In many cases, you will need to confirm with vendors that their software will be compatible with a patch.
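The dependency chain described above can be worked out mechanically. The following is an added example, not part of the original article: it walks a constructed "forces" map (component names and the vendor-confirmed set are hypothetical) to find every knock-on upgrade, orders them, rejects circular dependencies, and lists the components still awaiting vendor confirmation. It assumes each forced upgrade is scheduled after the change that forces it.

```python
from graphlib import TopologicalSorter, CycleError

# Constructed sample data: "forces" maps a component to the components whose
# upgrade it makes necessary (the firmware -> OS -> applications chain).
FORCES = {
    "firmware": ["operating-system"],
    "operating-system": ["billing-app", "backup-agent"],
    "billing-app": ["report-plugin"],
    "monitoring-agent": [],          # unrelated, must not appear in the plan
}
# Constructed: components whose vendor has confirmed compatibility.
VENDOR_CONFIRMED = {"operating-system", "billing-app"}


def affected(trigger, forces):
    """Return every component reachable from the trigger patch."""
    seen, stack = set(), [trigger]
    while stack:
        node = stack.pop()
        if node not in seen:
            seen.add(node)
            stack.extend(forces.get(node, []))
    return seen


def plan_patch(trigger, forces, confirmed):
    """Order the knock-on upgrades and list those still awaiting the vendor."""
    scope = affected(trigger, forces)
    # TopologicalSorter expects node -> predecessors, so invert the edges.
    preds = {node: set() for node in scope}
    for src in scope:
        for dst in forces.get(src, []):
            preds[dst].add(src)
    try:
        order = list(TopologicalSorter(preds).static_order())
    except CycleError as exc:
        raise ValueError(f"circular upgrade dependency: {exc.args[1]}") from exc
    unconfirmed = sorted(c for c in scope if c != trigger and c not in confirmed)
    return order, unconfirmed


if __name__ == "__main__":
    order, unconfirmed = plan_patch("firmware", FORCES, VENDOR_CONFIRMED)
    print("upgrade order:", " -> ".join(order))
    print("awaiting vendor confirmation:", ", ".join(unconfirmed) or "none")
```

Components that are not reachable from the trigger patch stay out of the plan, which keeps the change request scoped to what the patch actually touches.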

Change Management

The process of deciding whether to implement a patch and if so when it should be implemented. This may involve stakeholders such as business units, customers and technology teams. For example, it is possible for a patch implementation to require downtime that impacts all customers.

Testing

Applying a patch to test environments and running regression tests, user acceptance tests, performance tests and security tests. Deployment procedures are also tested including procedures for rollback.

Deployment

Deploying a patch to critical environments such as production. In many cases, patches are both developed quickly and deployed quickly such that they have an unusually high risk of failing. As such, rollbacks are common.

Configuration Management

Updating configuration management records to reflect a patch including software libraries, documentation and configuration control records.

Overview: Patch Management
Definition: The process of applying fixes and upgrades to software.
