In this video, I have covered how patch management works in the organization. What will the thought process of cissp and ccsp aspirants while preparing #patchmanagment topic
Patch Management topic is a very important topic for #cissp and #ccsp exam

Credit CBK and Sybex Book

Patch management is the process that helps acquire, test, and install multiple patches (code changes) on existing applications and software tools
An essential part of Configuration and Change Management

Patch Management Process
Notification
Applicability
Determine impact
Test the patch
Take backup
Apply the patch
Validate installation
Receive user feedback
Prepare for rollback if any error
Document

#cisspdomain7 #securityoperation #ccsptraining

When a vulnerability and patch has been identified, the asset owner should determine if it affects any ICS in the operation.
If it does affect one or more systems, then a work around or alternative action should be considered.
If a work around is found, then the patch should be evaluated and scheduled as part of the regular patch cycle.
If there are no workarounds, then the patch review team will have to analyze the risk associated with the patch.
Factors that are considered in the analysis include the key elements of the vulnerability footprint measured against the potential impact to the business operations. If the risk is high, then an immediate patch may be required. Conversely, if there are strong business constraints or operational concerns related to implementing the patch at a specific time, then it may be necessary to hold off on patching the system until the scheduled maintenance window.
Once the patch has been implemented all applicable documentation and patch records should be updated.