RobinShaw-IN222-Journal_Week_9.docx
School: Purdue Global University
Course: 222
Subject: Information Systems
Date: Jan 9, 2024
Journal Template
Student Name: Robin Shaw
Course: IN222
Unit: 9
Unit Outcome:
Discuss software patch management and application policies.
Date: 11/14/2023
Directions:
This is a reflective discussion of what you gained from this week’s lab work, discussion, and Seminar. Specifically, you will focus on the course outcome for the unit as you reflect on the two areas below. A minimum of 200 words is required, which includes both sections below (not 200 words per section, but a total of 200 words). Please be as concise as possible in your reflections.
Course Learning Outcome:
In this unit we learn how to implement methods for system and application hardening. We also learn about the policies for OS security as well as software patch management and application policies.
Software patch management is the process of identifying, prioritizing, acquiring, installing, and verifying the installation of patches, updates, and upgrades throughout an organization.
Patches are pieces of code that fix bugs, close vulnerabilities, or improve the performance of software applications.
Patch management is essential for maintaining the security and functionality of IT systems and preventing cyberattacks.
Application policies are rules that define how applications are allowed to run on an organization’s network and can help enforce compliance, reduce risks, and optimize performance.
Some of the best practices for software patch management and application policies are:
Manage expectations: Patching is highly underrated as a risk to a business, including the possibility of having to roll back. Communicate the patching schedule and potential impacts to the stakeholders and users, and get their approval and feedback.
Set a disaster recovery plan: Hope for the best but expect the worst; ensure you have a bulletproof disaster recovery strategy. Back up your data and systems before applying patches and test the patches on a non-production environment first. Have a rollback plan in case something goes wrong.
Assess risks: Prioritize the patches based on the severity and impact of the vulnerabilities they address, and the criticality and exposure of the systems they affect. Apply the most urgent patches as soon as possible and schedule the less critical ones for a convenient time.
Patch testing: Test the patches on a non-production environment first and verify that they work as expected and do not cause any compatibility or performance issues. Use automated tools to scan and validate the patch installation and configuration.
Apply patches: Apply the patches to the production environment, following the approved schedule and procedure. Monitor the patching process and report any errors or issues. Verify that the patches are installed correctly and that the systems are functioning properly.
Review and audit: Review the patching process and document the results and lessons learned. Audit the patch status and compliance of the systems and applications and identify any gaps or deviations. Update the patch management policy and procedure as needed.
Your experiences while participating in all elements of the course this week: Reminder:
Google recently released their Vendor Security Assessment Questionnaires for free. This will be helpful in the future. The link to access this information is https://vsaq-demo.withgoogle.com