Lesson 11 software & compliance

Published in: Technology
  1. Compliance & Software Updates COMP2071
  2. Compliance: What is compliance?
     • All enterprises must meet IT Security compliance standards
     • Compliance is dictated by the Information Security department
     • Compliance can be all-encompassing, and we will discuss portions of it over the next couple of weeks
     • This week we will be concentrating on Software Compliance
  3. Compliance: What is software compliance?
     • Software compliance can include many items such as
       – Hardening servers
       – Ensuring Antivirus products are installed
       – Installing updates to fix vulnerabilities
       – Mitigating vulnerabilities that don’t have patches
       – Risk Management
  4. Software Updates: What are software updates?
     • Software updates (or patches) are provided by a company to patch vulnerabilities
     • Some examples of providers are Microsoft, Java, Adobe, Linux, etc.
     • Vulnerabilities are weaknesses in an Operating System or Software product that could open it to hackers, viruses, malware, and more…
  5. Software Updates: How would these updates be applied?
     • Updates should be applied as soon as they are released
     • Vulnerabilities that are listed with a high rating are especially important
     • In the example of Windows, these updates/patches would be applied using a WSUS server or by the Windows update tool (http://technet.microsoft.com/en-us/wsus/bb466190)
     • For other providers such as Java, the updates would be downloaded from their website
  6. Software Updates: How are Vulnerabilities Rated?
     • If you would like to understand the ratings of vulnerabilities, you can do some reading on “CVSS Scores”
     • All vulnerabilities are rated using CVSS, and it is widely accepted in the same way ITIL is accepted and applied
     • More information on CVSS can be found here:
       – http://nvd.nist.gov/cvss.cfm
       – http://www.first.org/cvss/cvss-guide
       – http://en.wikipedia.org/wiki/CVSS
       – I will place the PDF guide on Blackboard as well
  7. Software Updates: How does this all apply to this class?
     • Updates/patches will usually be applied by the 3rd-level development team
     • After applying updates they can run a scan using tools such as “Microsoft Baseline Security Analyzer (MBSA)” to double-check that the updates completed (http://technet.microsoft.com/en-us/security/cc184923). This is called a Vulnerability Scan
     • It is important to double-check the work and ensure it completed successfully…
  8. Software Updates
     • After confirming all updates/patches have completed successfully, the applications the users need will be tested to ensure they still function the same
     • This goes back to last week, where the 3rd-level team installs and then sends to a QA tester to confirm functionality
     • Updates/patches can sometimes cause major issues for applications, especially in-house applications
     • After all testing has completed and functionality is confirmed, the updates/patches are rolled out to all the desktop users
  9. Software Updates: Can things go wrong?
     • Yes! Often when everything gets rolled out many issues occur
     • When these issues occur the users will call into the service desk; this would be considered a major outage
     • A problem record would then be raised for investigation by the 3rd-level team; a known error record would follow soon after
     • An update may be rolled back if it has a major impact on users
  10. Software Updates: Tools
      • I want to familiarize you with some of the tools used for this whole process
      • We will be working with:
        – A WSUS Server
        – Microsoft Baseline Security Analyzer (MBSA)
        – Retina VA scanner
        – Spiceworks Tickets (of course)
      • Since we can’t simulate a major failure, let’s learn about how to use some of these tools
  11. In-Class Simulation
      Open mylm and clone the following to your workspace and we will begin simulation: COMP2071-WSUS