Patch Management (workstations, mobile devices, servers, network components…)
An internal culture of updating means that the absolute need to constantly update all connected hardware and software, regardless of how they are connected, is understood and integrated into the 'business as usual' of IT management. It is important to keep a constant eye on updates released by software developers.
The objective of patching is to reduce the level of inherent known vulnerabilities and in that way lower your attack surface. When a patch is released, it is rapidly studied by ill-intentioned users, who try to identify the security loopholes that the patch closes. Applying the patch as soon as possible reduces the window of attack for potential exploitation.
All software has a life cycle, including patches for bugs and security loopholes between the major upgrades. The most efficient installation possible of these patches on all relevant machines is important for maintaining the security level. When software is no longer supported it should be removed from every device in your organization. When unsupported software is still necessary a reason why should be given and isolation techniques should be put in place. To prevent end-users from installing (unsupported) software you can have a policy on the installation of legal software. This can be technically implemented by using a whitelist of authorized software.
The updates, preceded by an evaluation of the impact on production, should become a reflex in the proper management of the park, without each time having to discuss their usefulness.