Building a Successful Anti-malware Strategy
CSO blogger Steven Fox and Andrew D. Hayter, anti-malcode program manager for ICSA Labs, discuss the keys to an ironclad security program. Patch management is one of the major themes here.

Does Patch Management Need Patching?
A look at why the bad guys have an easy target in those who don't deploy long-available patches.

June's Patching Inferno
Core Security Co-founder/CSO blogger Ivan Arce's post on the hell that was Microsoft's June 2009 security update should serve as a reminder that this month's update isn't terribly different from the challenges you've successfully handled before.

How SCAP Brought Sanity to Vulnerability Management
Orbitz CISO Ed Bellis explains how the proliferation of vulnerability assessment products and services has created chaos, and how SCAP may be the answer.

How to Handle Security Patches With Sanity
Guest columnist and network administrator Ed Ziots offers his recipe for a sane and solid patch management program.

Podcast: Enterprises Getting Patch Management Wrong
CSO Senior Editor Bill Brenner and Threatpost's Ryan Naraine talk patch management.

7 Ways Security Pros DON'T Practice What They Preach
IT security pros spend oodles of time trying to hammer best practices into the heads of fellow employees. But in an informal poll conducted by CSOonline, many admitted they don't always follow their own advice. That includes deploying security patches in a timely manner.

The Seven Deadly Sins of Network Security
Companies that suffer serious network security breaches have almost always committed one (or all) of 7 deadly sins. Is your company guilty of Number 5: Lax Patching Procedures?

A Few Good Information Security Metrics
Information security metrics don't have to rely on heavy-duty math to be effective. They also don't have to be dumbed down. See Metric 2: Patch Latency on page 3.

FUD Watch | Patch Tuesday Panic? No Thanks
Are security vendors right to bang the alarm bell every Patch Tuesday? Yes. But only to a point.

Podcast: The Failure of Security Investments
Senior Editor Bill Brenner and fellow National Information Security Group (NAISG) board director Jack Daniel explore how security technology investments can be rendered useless by shoddy network configuration practices -- a problem that can be much more vexing than the race to keep up with patch management.