[prev in list] [next in list] [prev in thread] [next in thread]
List: patchmanagement
Subject: Re: Questions about industry compliance standard for patching distribution
From: "Michael Givens" <mikegivens () gmail ! com>
Date: 2008-05-08 14:27:54
Message-ID: b3abdafd0805080727p11c1f2aeo3adefb1652d561b () mail ! gmail ! com
[Download RAW message or body]
This really depends on the risk of the asset and the information that is
contained on that asset.
Risk = What security controls are installed on the end point, (other then AV
and the required patches) and what information is contained within the asset
and is it a remote client like laptop?
(controls [x] data classification [x] asset value) should give you an
acceptable patch and AV definition schedule for your industry.
Mike
On Wed, May 7, 2008 at 8:15 PM, Susan Bradley, CPA aka Ebitz - SBS Rocks
[MVP] <sbradcpa@pacbell.net> wrote:
> What industry?
> PCI-DSS states 30 days.
> I don't believe that NIST states a time frame but off the top of my head
> I don't remember.
>
>
>
>
> kellyyang@northwesternmutual.com wrote:
>
>> Hi,
>>
>> I'm looking for industry statistics for patching and anti-virus pattern
>> update standards. For example, what is the acceptable compliance
>> percentage when a patch or anti-virus pattern needs to be applied? What
>> is the acceptable time period for a direct support of the technology to
>> apply the patch or pattern update? Like bringing the endpoints to
>> latest patch or pattern and meeting the acceptable compliance
>> percentage?
>>
>> Any information you could provide would be appreciated.
>>
>> Thank you,
>>
>> Kelly Yang
>> IRM Compliance Team
>> Information Risk Management
>> Northwestern Mutual 414.665.4525
>>
>>
>> This e-mail and any attachments may contain confidential information of
>> Northwestern Mutual. If you are not the intended recipient of this message,
>> be aware that any disclosure, copying, distribution or use of this e-mail
>> and any attachments is prohibited. If you have received this e-mail in
>> error, please notify Northwestern Mutual immediately by returning it to the
>> sender and delete all copies from your system. Please be advised that
>> communications received via the Northwestern Mutual Secure Message Center
>> are secure. Communications that are not received via the Northwestern Mutual
>> Secure Message Center may not be secure and could be observed by a third
>> party. Thank you for your cooperation.
>>
>>
>> ---
>> When posting or replying to messages on this list, please send all
>> emails in plain text format. HTML formatted messages will not be
>> accepted.
>>
>> PatchManagement.org is hosted by Shavlik Technologies
>>
>> To unsubscribe send a blank email to
>> leave-patchmanagement@patchmanagement.org
>> If you are unable to unsubscribe via this email address, please email
>> owner-patchmanagement@patchmanagement.org
>>
>>
>>
>
> ---
> When posting or replying to messages on this list, please send all
> emails in plain text format. HTML formatted messages will not be accepted.
>
> PatchManagement.org is hosted by Shavlik Technologies
>
> To unsubscribe send a blank email to
> leave-patchmanagement@patchmanagement.org
> If you are unable to unsubscribe via this email address, please email
> owner-patchmanagement@patchmanagement.org
>
---
When posting or replying to messages on this list, please send all
emails in plain text format. HTML formatted messages will not be accepted.
PatchManagement.org is hosted by Shavlik Technologies
To unsubscribe send a blank email to leave-patchmanagement@patchmanagement.org
If you are unable to unsubscribe via this email address, please email
owner-patchmanagement@patchmanagement.org
[Attachment #3 (text/html)]
<html><html><p><p /></html>
<div>This really depends on the risk of the asset and the information that is \
contained on that asset.</div> <div> </div>
<div>Risk = What security controls are installed on the end point, (other then AV and \
the required patches) and what information is contained within the asset and is \
it a remote client like laptop?</div> <div> </div>
<div>(controls [x] data classification [x] asset value) should give you an acceptable \
patch and AV definition schedule for your industry.</div> <div> </div>
<div>Mike<br><br></div>
<div class="gmail_quote">On Wed, May 7, 2008 at 8:15 PM, Susan Bradley, CPA aka Ebitz \
- SBS Rocks [MVP] <<a \
href="mailto:sbradcpa@pacbell.net">sbradcpa@pacbell.net</a>> wrote:<br> \
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; \
BORDER-LEFT: #ccc 1px solid">What industry?<br> PCI-DSS states 30 \
days.<br> I don't believe that NIST states a time frame but off the \
top of my head I don't remember. <div>
<div></div>
<div class="Wj3C7c"><br><br><br><br><a href="mailto:kellyyang@northwesternmutual.com" \
target="_blank">kellyyang@northwesternmutual.com</a> wrote:<br> <blockquote \
class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: \
#ccc 1px solid">Hi,<br><br>I'm looking for industry statistics for patching and \
anti-virus pattern<br>update standards. For example, what is the acceptable \
compliance<br> percentage when a patch or anti-virus pattern needs to be applied? \
What<br>is the acceptable time period for a direct support of the technology \
to<br>apply the patch or pattern update? Like bringing the endpoints to<br> \
latest patch or pattern and meeting the acceptable \
compliance<br>percentage?<br><br>Any information you could provide would be \
appreciated.<br><br>Thank you,<br><br>Kelly Yang<br>IRM Compliance \
Team<br>Information Risk Management<br> Northwestern Mutual \
414.665.4525<br><br><br>This e-mail and any attachments may contain confidential \
information of Northwestern Mutual. If you are not the intended recipient of this \
message, be aware that any disclosure, copying, distribution or use of this e-mail \
and any attachments is prohibited. If you have received this e-mail in error, please \
notify Northwestern Mutual immediately by returning it to the sender and delete all \
copies from your system. Please be advised that communications received via the \
Northwestern Mutual Secure Message Center are secure. Communications that are not \
received via the Northwestern Mutual Secure Message Center may not be secure and \
could be observed by a third party. Thank you for your cooperation.<br> \
<br><br>---<br>When posting or replying to messages on this list, please send \
all<br>emails in plain text format. HTML formatted messages will not be \
accepted.<br><br>PatchManagement.org is hosted by Shavlik Technologies<br> <br>To \
unsubscribe send a blank email to <a \
href="mailto:leave-patchmanagement@patchmanagement.org" \
target="_blank">leave-patchmanagement@patchmanagement.org</a><br>If you are unable to \
unsubscribe via this email address, please email<br> <a \
href="mailto:owner-patchmanagement@patchmanagement.org" \
target="_blank">owner-patchmanagement@patchmanagement.org</a><br><br> <br></blockquote><br>---<br>When \
posting or replying to messages on this list, please send all<br> emails in plain \
text format. HTML formatted messages will not be \
accepted.<br><br>PatchManagement.org is hosted by Shavlik Technologies<br><br>To \
unsubscribe send a blank email to <a \
href="mailto:leave-patchmanagement@patchmanagement.org" \
target="_blank">leave-patchmanagement@patchmanagement.org</a><br> If you are unable \
to unsubscribe via this email address, please email<br><a \
href="mailto:owner-patchmanagement@patchmanagement.org" \
target="_blank">owner-patchmanagement@patchmanagement.org</a><br></div></div></blockquote>
</div><br>
<html>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic