Patch management still big stumbling block in risk management, survey shows

[InfoSec News <alerts () infosecnews org>]

https://www.networkworld.com/news/2012/052912-mcafee-risk-management-259630.html

By Ellen Messmer
Network World
May 29, 2012

Everyone talks about "risk and compliance" in security, but what do 
companies have to do to make it through audits and meet regulations 
related to information security? And what are the costs?

McAfee asks those questions in its "Risk and Compliance Outlook - 2012" 
survey of 438 IT professionals in the U.S. as well as Europe and Brazil, 
Australia and Singapore, finding the main challenge is getting 
visibility into IT operations. Four out of 5 of those surveyed believe 
"visibility into the risk posture of their IT environment" is important, 
and one-quarter estimated they shaved off six to 10 hours per week in IT 
staff time with good visibility.

But the patching of software remains a chief stumbling block to good 
risk management, according to the findings.

"Before the advent of numerous regulations and the rise of malicious 
code targeting known vulnerabilities, patch management was not a top 
issue for many organizations," states the McAfee report. "Today, patch 
management must be a top priority to mitigate the continuous threat of 
malicious code and compliance failure. These concerns have pushed 
organizations to gain better control and oversight of their information 
assets. This is seen with nearly half of the surveyed organizations 
applying patches monthly and near one-third doing so on a weekly basis."

[...]


_______________________________________________
LayerOne Security Conference
May 26-27, Clarion Hotel, Anaheim, CA
http://www.layerone.org