not applying patches - study

    Question

  • Hi all,

    I need to prepare a paper with costs associated with not applying security patches in an enterprise.

    Therefore, I need to know where I can find figures about how much non-patching costs companies around the globe. I found some info about 2004 and 2009, nothing about 2012 or 2011.

    Does anyone know a source for gathering such information, for free (of course)?

    Thanks,

    Wednesday, March 6, 2013 13:51

Answers

  • Therefore, I need to know where I can find figures about how much non-patching costs companies around the globe. I found some info about 2004 and 2009, nothing about 2012 or 2011.

    Maybe the best way to approach this is to look for the costs of attacks, intrusions, and data breaches. Almost every one of those events can be directly traced back to an unpatched system.

    I also feel your pain for even having to justify this question. The question of the risk of not applying security patches in an enterprise ought to be a no-brainer for any executive who can spell c-o-m-p-u-t-e-r, and not require any sort of cost-benefit analysis. One would have had to be living in a desert for the past six months not to have heard of the several incidents directly attributable to Java exploits, and a few others attributable to Adobe Reader or Adobe Flash.

    Here's a couple of current resources to get you started:

    http://www.appsecinc.com/santa-breach/Risks-to-Database-Security-in-2012.pdf

    http://www.cisco.com/web/about/security/intelligence/2013/CRR_feb25-mar3_2013.html


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Distribution (2005-2013)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Thursday, March 7, 2013 03:24
    Moderator