Manual patching
Explain when manual patching is primarily used, and discuss two risks associated with this practice. Assume you are the director of an organization and construct a short letter of intent to your directors that describes when you would permit manual patching. Discuss whether you agree or disagree with peers on their manual patching policy communication and justify your stance with specific reasons, facts, and examples.
Sample Solution
Manual patching is the process of installing security updates and software updates manually, one system at a time. It is primarily used in the following situations:
- For systems that cannot be patched automatically. This includes legacy systems, custom-developed software, and systems running critical applications that cannot be interrupted for patching.
- For systems that require additional testing before patching. This includes systems in production environments and systems with sensitive data.
- For systems that are being patched as part of a larger change management process. This includes systems that are being upgraded to a new version of software or systems that are being migrated to a new environment.
Full Answer Section
Risks Associated with Manual Patching
Manual patching is a risky practice because it is prone to human error. The following are two of the biggest risks associated with manual patching:
- Patches may be missed or not applied correctly. This can leave systems exposed to known security vulnerabilities.
- Patching may cause downtime or other disruptions. This is especially true for systems in production environments.
- Manual patching will only be used for systems that cannot be patched automatically or for systems that require additional testing before patching.
- Manual patching will only be performed by trained and authorized personnel.
- Manual patching will be performed in accordance with a documented change management process.
- Manual patching should be used sparingly and only when necessary.
- Manual patching should be performed by trained and authorized personnel.
- Manual patching should be performed in accordance with a documented change management process.
- Manual patching should be used to patch all systems within 72 hours of a patch being released.
- According to a survey by the Ponemon Institute, 60% of organizations have experienced a data breach due to a security patch that was not applied.
- Manual patching is a complex and time-consuming process. It can be difficult to ensure that all systems are patched correctly and without causing any disruptions.
- There have been cases where manual patching has caused major outages for organizations. For example, in 2016, a manual patching error caused a global outage for British Airways.