Login  |  Register  |  Contact

Project Quant: Patch Evaluation Phase

Okay, here's my first stab at detailing out the Evaluation phase of the patch management cycle.

As with the Monitor for Advisories phase, I focused on the process, and listed out potential variables for each step in the process. Some of the variables are things like "completeness of ...". While those don't have a direct cost, I'm thinking those will add a cost factor to increase the time involved. For example, if a given asset type isn't properly listed in the asset type list, that could increase the time to evaluate that patch by Y%. For this model I don't expect to determine some hard constant percentage, but hopefully with the survey work we plan on continuing we can at least provide some guidance.

As always, let me know what you think...

(Click to pop up the full-sized image)

image

—Rich

Posted at Thursday 11th June 2009 9:34 am Filed under:

Previous entry: Details: Monitor for Advisories | | Next entry: Application vs. Database Encryption

Comments:

If you like to leave comments, and aren't a spammer, register for the site and email us at info@securosis.com and we'll turn off moderation for your account.

Name:

Email:

Remember my personal information

Notify me of follow-up comments?

Submit the word you see below: