Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.
Patches and security updates for Operating Systems and critical system components shall be installed.
Guidance
The following should be considered:
- Limit yourself to only install those applications (operating systems, firmware, or plugins ) that you
need to run your business and patch/update them regularly.
- You should only install a current and vendor-supported version of software you choose to use. It may
be useful to assign a day each month to check for patches.
- There are products which can scan your system and notify you when there is an update for an
application you have installed. If you use one of these products, make sure it checks for updates for
every application you use.
- Install patches and security updates in a timely manner.
The organization shall plan, perform, and document preventive maintenance and repairs on its critical system components according to approved processes and tools.
Guidance
The following should be considered:
- Perform security updates on all software in a timely manner.
- Automate the update process and audit its effectiveness.
- Introduce an internal patching culture on desktops, mobile devices, servers, network components,
etc. to ensure updates are tracked.
The organization shall prevent the unauthorized removal of maintenance equipment containing organization's critical system information.
Guidance
This requirement mainly focuses on OT/ICS environments.
The organization shall enforce approval requirements, control, and monitoring of maintenance tools for use on its critical systems.
Guidance
Maintenance tools can include hardware/software diagnostic test equipment, hardware/software packet
sniffers and laptops.
Maintenance tools and portable storage devices shall be inspected when brought into the
facility and shall be protected by anti-malware solutions so that they are scanned for
malicious code before they are used on organization's systems.
The organization shall verify security controls following hardware and software
maintenance or repairs/patching and take action as appropriate.
Patches and security updates for Operating Systems and critical system components shall be installed.
Guidance
The following should be considered:
- Limit yourself to only install those applications (operating systems, firmware, or plugins ) that you
need to run your business and patch/update them regularly.
- You should only install a current and vendor-supported version of software you choose to use. It may
be useful to assign a day each month to check for patches.
- There are products which can scan your system and notify you when there is an update for an
application you have installed. If you use one of these products, make sure it checks for updates for
every application you use.
- Install patches and security updates in a timely manner.
The organization shall plan, perform, and document preventive maintenance and repairs on its critical system components according to approved processes and tools.
Guidance
The following should be considered:
- Perform security updates on all software in a timely manner.
- Automate the update process and audit its effectiveness.
- Introduce an internal patching culture on desktops, mobile devices, servers, network components,
etc. to ensure updates are tracked.
The organization shall prevent the unauthorized removal of maintenance equipment containing organization's critical system information.
Guidance
This requirement mainly focuses on OT/ICS environments.
The organization shall enforce approval requirements, control, and monitoring of maintenance tools for use on its critical systems.
Guidance
Maintenance tools can include hardware/software diagnostic test equipment, hardware/software packet
sniffers and laptops.
Maintenance tools and portable storage devices shall be inspected when brought into the
facility and shall be protected by anti-malware solutions so that they are scanned for
malicious code before they are used on organization's systems.
The organization shall verify security controls following hardware and software
maintenance or repairs/patching and take action as appropriate.
In Cyberday, requirements and controls are mapped to universal tasks. A set of tasks in the same topic create a Policy, such as this one.
In Cyberday, requirements and controls are mapped to universal tasks. Each requirement is fulfilled with one or multiple tasks.
When building an ISMS, it's important to understand the different levels of information hierarchy. Here's how Cyberday is structured.
Sets the overall compliance standard or regulation your organization needs to follow.
.svg)
.svg)
.svg)
Break down the framework into specific obligations that must be met.
.svg)
Concrete actions and activities your team carries out to satisfy each requirement.
Documented rules and practices that are created and maintained as a result of completing tasks.
