nCircle Announces Patch Priority Index

Each time a vendor releases patches, I answer the same questions about prioritization. Which new patch is the most important? How is enterprise IT going to tackle this new work?

At nCircle, we know from customers and other publicly available sources that most companies need at least 60 days to complete a patch deployment cycle. Every day a new deluge of patches is released. Every group of new patches kicks off a new cycle of patch management steps. Each patch must be evaluated, prioritized and scheduled. Information security managers are continually juggling decisions regarding risk, prioritization and resource allocation, and the variables change every time a vendor releases a new set of patches.

Today, nCircle announced the Patch Priority Index, a monthly ranking of the top 10 highest risk vulnerabilities from key vendors such as Microsoft and Adobe that adjusts to reflect how a vulnerability's risk changes over time. The Patch Priority Index (PPI) helps prioritize risk reduction decisions by evaluating new patches within the context of the bigger security picture, and acknowledges that all patches may not be deployed before the next group of patches is released.

The idea for this index grew out of community discussions with customers, partners and vendors. Our Patch Priority Index is free and publicly available, and nCircle is providing it as a service to the information security community.

We hope that the service will provide a repeatable, consistent and complimentary metric that IT security teams can use to effectively prioritize the most critical vulnerabilities.

Patch Priority Index rankings are based on key elements of nCircle's Risk Score and include a critical time component that is unique among scoring systems. This time component prioritizes new patches within the context of all patches previously released by a vendor within the preceding twelve months.

The Patch Priority Index debuts for Microsoft vulnerabilities in March, and other key vendors will follow.

The most recent Patch Priority Index may be found here.

For information on the nCircle risk score algorithm, please check out our whitepaper.

Comments (1)

Interesting. This is definitely needed for Adobe!

Bio

Blog: Sync
Author: Andrew Storms

As nCircle's Director of Security Operations, Andrew Storms is responsible for the definition and enforcement of the company's security compliance programs as well as overseeing day-to-day operations for the Information Technology department.
Andrew's commentary on IT security issues has appeared in CNBC, Forbes and The New York Times, as well as many other publications. He is a Certified Information Systems Security Professional (CISSP) and a member of FBI InfraGard.

About

This page contains a single entry from the blog posted on February 23, 2010 9:09 AM.