We are considering switching Linux OS patching from the current quarterly cycle to a monthly cycle. We expect this move to help manage non-OS vulnerabilities effectively within a month as it takes 3 to 6 months otherwise (as we club remediation along with OS patching to optimize server downtime). What are your thoughts, recommendations and what pros and cons do you see?
Executive Vice President, Chief Digital Officer & Head of Cybersecurity in IT Services, 2 years ago
While the patching cycle on a monthly basis is slightly complex and time-consuming, it will certainly help to manage non-OS vulnerabilities effectively.