These are some notes I took at TechEd a couple of years ago.
7 Steps to a Secure Environment:
- Establish a Security Team
- Security Assessment – What impacts our bottom line? What is normal?
- Risk Analysis – For the Assets
- Write a Security Policy. Enforce it.
- Design Operations Plans and Security Standards
- Implement Training and Awareness Measures
- Perform Ongoing Security Management
10 Immutable Laws of Security Patch Management:
- 1: Security patches are a fact of life
- 2: It does no good to patch a system that was never secure to begin with
- 3: There is no patch for bad judgment
- 4: You cannot patch what you do not know you have
- 5: The most effective patch is the one you do not have to apply
- 6: A service pack covers a multitude of patches
- 7: All patches are not created equal
- 8: Never base your patching decision on whether you have seen exploit code … unless you have seen exploit code
- 9: Everyone has a patch management strategy, whether they know it or not
- 10: Patch management is really Risk Management