Page 6 - index
P. 6
4. Create a backup plan
Design a contingency plan in case something does break during a patch process. You don’t
want to create a situation where you are patching several production servers at once without
backing up critical data or making emergency repair disks.
Back up the data on your workstations, too, and create a restore point or official image disk
of critical files.
5. Test patches first
Test your patches in a lab environment before rolling them out globally. This applies to third-
party and custom applications.
Identify and document the outcome of the patch operation, including tracking what breaks,
where it breaks and how to fix it.
6. Approve patches and define schedules
Approve software patches before rolling them out. If your patch management software
supports update approvals, use this feature.
This gives you better control over the patch process by making sure you approve only the
patches that have been certified by the software vendor or tested in a lab environment.
7. Patch frequently used computers first
Some malware targets your workstations and steals login information and personal data
from your most vulnerable computers—the ones used most often for daily transactions.
These are the computers that need to be patched first.
If you can target users by Active Directory, that’s an added advantage for targeted patch
rollouts.
8. Create pre- and post-installation scenarios
Cyber threats are most commonly aimed at Web browsers and Java and Adobe
applications, so it becomes imperative to prevent failed updates by creating the right pre-
and post-installation scenarios for successful installs, including starting or stopping services,
terminating processes, etc. When testing the patch before deployment, make sure you
decide on the right installation scenario, and replicate the same when deploying the
updates.
9. Assess the post-patch status
You might think you just patched over a thousand workstations and a few hundred servers,
but your post-patch status report could tell you otherwise.
6 Cyber Warnings E-Magazine – September 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
