
Patch Management Transcription

Welcome to our Vulnerability and Patch Management module. It is important that you take proactive steps to prevent issues from occurring on your systems and not just take a reactive response when something bad happens. You should have a clear policy in place and you should assign roles to individuals based on their job title.

Before you apply patches, you should always test them in a non-production environment because it's possible that they could break your system. You should remember that for this CISSP examination. In order to avoid zero-day exploits for brand new vulnerabilities, you should deploy the patch as quickly as possible after you perform your testing.

Whenever possible, you should automate patching and retesting whenever you can. Your system and network administrators should be trained on how to maintain their systems at your approved security baseline. You should train all of your users on the actions that they need to take or that they should not take, such as not powering off their systems at the end of the night so that automatic updates can take place.

You should also make sure that you have user policies with very specific privilege settings. Do you want your individual users applying Windows updates, Adobe updates, or Microsoft Office patches and things of that nature? Or do you want your administrators to handle this task? A best practice is to update to newer versions of products such as software and hardware that have better security features built in, in order to protect your organization.

In order to reduce the amount of time that an attacker has to take advantage of a vulnerability on your system, when a zero-day threat occurs, you should have very fast and systematic testing of all patches, and you should roll them out quickly. A zero-day exploit is when an attacker takes advantage of a previously undiscovered vulnerability in a system or a piece of software.

We can see the process at the bottom from when a weakness is found and published to when the vendor is notified and they create a patch. Once the patch is created, it now falls on your system administrators to do their centralized and local testing and then roll out the patch.

Once they roll out the patch to all of your systems, you have now controlled the weakness. It is critical that this process occur quickly in order to protect your systems that are vulnerable. If possible, you should limit your testing and rollout period to 48 hours. And it is important that you remember for the CISSP examination that when a vulnerability is discovered, you should have the patch installed within 48 hours, if possible.

You should use a change management system to maintain records of all of your updates and patches. All updates should be tested in a non-production environment first to make sure they do not damage your systems. A hot site or a test lab will be needed in order for you to test the patches before deploying them on your production systems.

You will most likely need formal approval before making changes in your systems. But you will also have to have a process in place to have emergency changes approved more rapidly than your more traditional updates. Any changes that you implement should be recorded in the change management database. And the system's new configuration status should be updated.

Generally, it is best to roll out patches in phases to specific locations to make sure that they do not cause any problems with your systems. Once you have installed the patches, you will need to run a second vulnerability scan to make sure that the patch successfully disabled whatever vulnerability existed in that system or that piece of software.

This concludes our Vulnerability and Patch Management module. Thank you for watching.
