The 10 Immutable Laws of Security Patch Management
I was going through some of my notes and I ran across this. It's a list that was presented a few years ago in a Microsoft webcast, and I thought it might be good to post for those who hadn't seen it before.
The 10 Immutable Laws of Security Patch Management
Law #1: Security patches are a fact of life
Law #2: It does no good to patch a system that was never secure to begin with
Law #3: There is no patch for bad judgment
Law #4: You cannot patch what you do not know you have
Law #5: The most effective patch is the one you do not have to apply
Law #6: A service pack covers a multitude of patches
Law #7: All patches are not created equal
Law #8: Never base your patching decision on whether you have seen exploit code … unless you have seen exploit code
Law #9: Everyone has a patch management strategy, whether they know it or not
Law #10: Patch management is really risk management
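Laws #4, #7, #8 and #10 together describe a prioritisation problem: you can only patch what your inventory knows about, and the order in which you apply patches should follow risk (severity, exposure and whether exploit code is known) rather than arrival order. The script below is an added illustration of that idea, written for this post; it is not from the webcast or from Microsoft. The advisory identifiers, package versions, host names and scoring weights are all constructed placeholders, and the weighting formula is a deliberately simple assumption, not a standard.

```python
"""Inventory-driven patch prioritisation (constructed example).

Models three of the laws in code:
  Law #4  - a host that was never inventoried cannot be evaluated, so it is
            reported separately instead of silently scoring zero.
  Law #7  - advisories carry a severity, so not every missing patch is equal.
  Law #8  - known exploit code raises urgency.
  Law #10 - the output is a risk-ordered work list, not a patch list.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]


@dataclass(frozen=True)
class Advisory:
    advisory_id: str      # placeholder id, not a real bulletin number
    package: str
    fixed_version: Version  # first version that contains the fix
    severity: int         # 1 (low) .. 4 (critical), assumed scale
    exploit_seen: bool    # Law #8: exploit code observed in the wild


@dataclass
class Host:
    name: str
    exposure: int         # 1 internal, 2 partner-facing, 3 internet-facing (assumed)
    packages: Optional[Dict[str, Version]]  # None = never inventoried (Law #4)


# Assumed multipliers; adjust to your own environment's risk appetite.
EXPOSURE_WEIGHT = {1: 1.0, 2: 1.5, 3: 2.0}
EXPLOIT_MULTIPLIER = 2.0


def parse_version(text: str) -> Version:
    """Turn '3.0.12' into (3, 0, 12) so tuple comparison orders versions."""
    return tuple(int(part) for part in text.split("."))


def missing_patches(host: Host, advisories: List[Advisory]) -> List[Advisory]:
    """Advisories whose fix is newer than what the host has installed.

    A package absent from the inventory is skipped: we cannot claim it is
    missing a patch when we do not know it is there at all.
    """
    if host.packages is None:
        return []
    return [
        adv for adv in advisories
        if adv.package in host.packages
        and host.packages[adv.package] < adv.fixed_version
    ]


def risk_score(host: Host, adv: Advisory) -> float:
    """Severity scaled by exposure, doubled when exploit code is known."""
    score = adv.severity * EXPOSURE_WEIGHT[host.exposure]
    if adv.exploit_seen:
        score *= EXPLOIT_MULTIPLIER
    return score


def uninventoried_hosts(hosts: List[Host]) -> List[str]:
    """Law #4: hosts we cannot assess because no inventory exists."""
    return [h.name for h in hosts if h.packages is None]


def prioritize(hosts: List[Host], advisories: List[Advisory]) -> List[Tuple[float, str, str]]:
    """Return (score, host, advisory_id) triples, highest risk first."""
    work = [
        (risk_score(h, adv), h.name, adv.advisory_id)
        for h in hosts
        for adv in missing_patches(h, advisories)
    ]
    work.sort(key=lambda item: (-item[0], item[1], item[2]))
    return work


# Constructed sample data: none of these advisories or hosts are real.
ADVISORIES = [
    Advisory("ADV-0001", "openssl", parse_version("3.0.12"), 4, True),
    Advisory("ADV-0002", "curl", parse_version("8.4.0"), 3, False),
    Advisory("ADV-0003", "nginx", parse_version("1.25.3"), 2, False),
]

HOSTS = [
    Host("web01", 3, {"openssl": parse_version("3.0.10"),
                      "nginx": parse_version("1.24.0"),
                      "curl": parse_version("8.4.0")}),
    Host("db01", 1, {"openssl": parse_version("3.0.12"),
                     "curl": parse_version("8.2.1")}),
    Host("legacy01", 2, None),  # never inventoried
]


if __name__ == "__main__":
    for score, host, adv_id in prioritize(HOSTS, ADVISORIES):
        print(f"{score:5.1f}  {host:10s} {adv_id}")
    print("not assessable (no inventory):", uninventoried_hosts(HOSTS))
```

Running it orders web01's OpenSSL advisory first (critical, internet-facing, exploit seen) even though the curl advisory on db01 is the more recently published one, and it lists legacy01 as unassessable rather than "clean". The version comparison relies on tuples of integers, so a real deployment would need a proper version parser for packaging schemes that use letters or epochs.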
Source: http://download.microsoft.com/download/0/1/a/01a053e8-3e18-4f73-b8e7-68d53a8232da/Russell_SBB_CA_PatchManagement.ppt