This security wiki provides guidelines for effective security update management to ensure that your organisation's devices and software remain protected against known vulnerabilities. Follow the recommendations below to establish a robust security update management process.
Indicate whether all operating systems on your devices are supported by a vendor that regularly releases security updates. Answer "yes" or "no" to confirm the availability of regular security updates for your operating systems.
Confirm whether all software on your devices is supported by a supplier that provides regular fixes for security issues. Answer "yes" or "no" to ensure that all software used within your organisation benefits from timely security updates.
List all internet browsers installed on your devices, along with their respective versions. This information helps ensure that your browsers are up to date with the latest security patches.
Provide a list of all malware protection software used on your devices, including their versions. This information ensures that your malware protection tools remain updated to address the latest threats.
List all email applications installed on end-user devices and servers, along with their versions. This helps maintain the security of your email systems by ensuring that they receive relevant security updates.
Provide a list of all office applications used to create organisational data, including their versions. This information ensures that your office applications are updated to address any security vulnerabilities.
Confirm whether all software used by your organisation is properly licensed, following the recommendations provided by the software publishers. Answer "yes" or "no" to ensure compliance with licensing requirements.
Indicate whether all high-risk or critical security updates for operating systems, router firmware, and firewall firmware are installed within 14 days of release. Answer "yes" or "no" to ensure timely patching of critical vulnerabilities.
Answer "yes" or "no" to indicate whether auto-updates are enabled for operating systems, facilitating the automatic installation of security updates.
Describe the process you follow to ensure that high-risk or critical security updates for operating systems and firmware on firewalls and routers are applied within 14 days of release when auto-updates are not enabled.
Confirm whether all high-risk or critical security updates for applications, associated files, and plugins (e.g., Java, Adobe Reader, .NET) are installed within 14 days of release. Answer "yes" or "no" to ensure prompt patching of critical vulnerabilities.
Answer "yes" or "no" to indicate whether auto-updates are enabled for applications, allowing automatic installation of security updates.
Describe the process you follow to ensure that high-risk or critical security updates for applications are applied within 14 days of release when auto-updates are not enabled.
Indicate whether you have removed any unsupported software from your devices that no longer receives regular security updates. Answer "yes" or "no" to ensure the removal of vulnerable software.
Explain how you manage unsupported software necessary for your business needs and ensure it is out of the scope of the assessment. Describe any measures taken to isolate unsupported software from the rest of the network to minimise associated risks.
Implementing effective security update management practices helps protect your organisation's devices and software from known vulnerabilities. Regularly updating operating systems, applications, and associated components is crucial to maintaining a secure IT infrastructure and mitigating the risk of exploitation by malicious actors.
Note: The information provided above is based on general security practices. Organisations should adapt these guidelines to align with their specific requirements and consult with cybersecurity professionals for tailored advice related to security update management.
Find out more about Periculo Cyber Essentials or contact us
Continuous learning for your organisation, our knowledge base to help you grow
*Subscribe to our newsletter
.svg)
