One possible approach is to have a formal, centralized patch and vulnerability group that supports the security efforts of local system administrators.
Specific recommendations for organizations implementing a patch and vulnerability management program are as follows:
1. Create an inventory of all information technology assets.
2. Create a patch and vulnerability group.
3. Continuously monitor for vulnerabilities, remediations, and threats.
CVE Data Feeds https://cve.mitre.org/cve/data_feeds.html
4. Prioritize patch application and use phased deployments as appropriate.
5. Test patches before deployment.
6. Deploy enterprise-wide automated patching solutions.
7. Create a remediation database (this is often included within enterprise patch management tools).
8. Use automatically updating applications as appropriate.
9. Verify that vulnerabilities have been remediated.
10. Train applicable staff on vulnerability monitoring and remediation techniques.
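Select the CNAs you need to monitor based on your organization's information assets:
Alphabetical list of CNAs
Microsoft security notifications (register to receive Microsoft security messages)
Oracle Critical Patch Update advisories
SAP security update advisories
VMware security advisories
Monitoring these sources lets you proactively track weaknesses and vulnerabilities in your systems and keep your information environment secure.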
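As an added example (not part of the original post), the sketch below ties recommendations 1, 3 and 4 together: it filters a CVE feed down to the products in an asset inventory and orders the findings for patching. The inventory fields, the CVE IDs and the sort policy are assumptions, and the records are constructed samples trimmed to the CVE JSON 5 fields the code reads.

```python
# Added example. All assets and CVE records below are constructed sample data.
INVENTORY = [  # asset inventory (recommendation 1); field names are assumptions
    {"host": "web01", "vendor": "Microsoft", "product": "Windows Server", "internet_facing": True},
    {"host": "db01", "vendor": "Oracle", "product": "Database Server", "internet_facing": False},
    {"host": "esx01", "vendor": "VMware", "product": "ESXi", "internet_facing": False},
]

def _rec(cve_id, state, vendor, product, score=None):
    """Build a constructed record trimmed to the CVE JSON 5 fields used here."""
    cna = {"affected": [{"vendor": vendor, "product": product}]}
    if score is not None:
        cna["metrics"] = [{"cvssV3_1": {"baseScore": score}}]
    return {"cveMetadata": {"cveId": cve_id, "state": state}, "containers": {"cna": cna}}

FEED = [
    _rec("CVE-0000-0001", "PUBLISHED", "microsoft", "windows server", 9.8),
    _rec("CVE-0000-0002", "PUBLISHED", "VMware", "ESXi"),             # no CVSS score yet
    _rec("CVE-0000-0003", "REJECTED", "Oracle", "Database Server", 7.5),
    _rec("CVE-0000-0004", "PUBLISHED", "SAP", "NetWeaver", 8.1),      # product not in inventory
]

def _norm(value):
    return (value or "").strip().lower()

def base_score(record):
    """Highest CVSS base score in the CNA container, or None if none is published."""
    scores = [m[k]["baseScore"] for m in record["containers"]["cna"].get("metrics", [])
              for k in m if k.startswith("cvss") and "baseScore" in m[k]]
    return max(scores) if scores else None

def match_feed(feed, inventory):
    """Return findings for published CVEs that affect inventoried products."""
    findings = []
    for record in feed:
        meta = record["cveMetadata"]
        if meta.get("state") != "PUBLISHED":
            continue  # rejected or reserved IDs are not actionable
        affected = {(_norm(a.get("vendor")), _norm(a.get("product")))
                    for a in record["containers"]["cna"].get("affected", [])}
        score = base_score(record)
        for asset in inventory:
            if (_norm(asset["vendor"]), _norm(asset["product"])) in affected:
                findings.append({"cve": meta["cveId"], "host": asset["host"], "score": score,
                                 "internet_facing": asset["internet_facing"],
                                 "needs_triage": score is None})
    # Assumed policy: unscored findings first (manual triage), then score, then exposure.
    findings.sort(key=lambda f: (not f["needs_triage"], -(f["score"] or 0.0),
                                 not f["internet_facing"]))
    return findings
```

Matching on vendor and product alone over-reports, because it ignores the affected version ranges in each record; compare installed versions before scheduling a patch.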