Updating client hardware definitions
And, as the security trends discussed previously indicate, an effective security management strategy must ensure that software remains up-to-date and as fully protected as possible from worms, viruses, and other information security breaches.
By implementing an effective security management strategy, organizations reap the following business benefits: Microsoft—through a variety of security initiatives—offers products, resources, prescriptive guidance, training, and partners, designed to help customers keep their IT infrastructures healthy and to enjoy the benefits and peace of mind a secure computing environment brings.
According to the Computer Security Institute (CSI), the results of the 2002 CSI/FBI Computer Crime and Security Survey indicate that “the threat from computer crime and other information security breaches continues unabated and the financial toll is mounting.” Ninety percent of the CSI/FBI survey’s respondents detected computer security breaches in 2002.
Of those security breaches, 95 percent occurred because of poor system configuration.
With so much at stake, security requires a commitment of resources—financial, human, and technological—to an enterprise-wide program.
Additionally, the time between when a security update is released and when an exploit for the vulnerability address by the update is available publicly has decreased dramatically, while the security exploits are becoming increasing sophisticated.
The security effort is driving towards the following: Driving major improvements in the area of patch and update management is a key aspect of the Trustworthy Computing initiative.
For example, customers searched four different Web sites for security update management content and complained that the security rating levels were unclear and that terminology and naming conventions were inconsistent.
It also examines various initiatives within Microsoft that promote software security through stronger development processes as well as streamlined patch and update communications and delivery mechanisms.
Finally, it discusses patch and update management tools, including future releases meant to simplify the overall patch and update management process.
The remaining sections of this white paper describe Microsoft’s efforts to significantly improve the security update management process and provide prescriptive guidance for effectively using currently available resources.
The Microsoft Trustworthy Computing initiative, announced by Bill Gates, in January of 2002, as a long-term initiative for the company, focuses on four key tenants: security, privacy, reliability, and business integrity.
This cross-divisional team, the Patch Management Task Force, solicited feedback from all sizes of organizations across the world.