Software patching is a major problem. You know it, we know it, everyone knows it! Patching for software vulnerabilities and security management has been trending as one of the most important IT duties in 2019. That is because unpatched vulnerabilities [...]
Software patching is a major problem. You know it, we know it, everyone knows it! Patching for software vulnerabilities and security management has been trending as one of the most important IT duties in 2019. That is because unpatched vulnerabilities [...]
Software patching is a major problem. You know it, we know it, everyone knows it! Patching for software vulnerabilities and security management has been trending as one of the most important IT duties in 2019. That is because unpatched vulnerabilities [...]
Software patching is a major problem. You know it, we know it, everyone knows it! Patching for software vulnerabilities and security management has been trending as one of the most important IT duties in 2019. That is because unpatched vulnerabilities [...]
Software patching is a major problem. You know it, we know it, everyone knows it! Patching for software vulnerabilities and security management has been trending as one of the most important IT duties in 2019. That is because unpatched vulnerabilities [...]
Software patching is a major problem. You know it, we know it, everyone knows it! Patching for software vulnerabilities and security management has been trending as one of the most important IT duties in 2019. That is because unpatched vulnerabilities [...]
Software patching is a major problem. You know it, we know it, everyone knows it! Patching for software vulnerabilities and security management has been trending as one of the most important IT duties in 2019. That is because unpatched vulnerabilities [...]
And Why Executives Should Care... Threats to network security seem to get announced weekly. Global ransomware attacks like WannaCry cause havoc around the world and billions of dollars in losses. Businesses are actually shuttering due to network attacks that [...]
Software patching is a major problem. You know it, we know it, everyone knows it! Patching for software vulnerabilities and security management has been trending as one of the most important IT duties in 2019. That is because unpatched vulnerabilities [...]
Dave Cunningham, Alvaka's Business Technology Officer, was recently interviewed by Channel Partner Insight regarding Alvaka's narrowing focus on it's Patch Management as a Service offering. Below is an excerpt from the article. See link below to read full article. As [...]
Kevin is a trusted technology and security practitioner and public policy advisor to some of America’s most influential people and organizations. He advises corporate executives, federal and state legislators, law enforcement, high net worth individuals and other business leaders. He is a sought after consultant, writer, presenter and trainer on the issues surrounding personal, physical and cyber security, compliance and advanced technology. Kevin has written for and been interviewed by dozens of national publications and on major television, radio and digital outlets.
Mark Essayian is President of KME Systems Inc., an IT support company he founded in 1993 that provides technology products, process, security and business continuity consulting to a wide range of clients. KME Systems helps clients improve profitability via the way they communicate with and assist their respective clients.
Mr. Essayian’ s background has involved technology for over 30 years. He attended the University of California Irvine where he earned a degree in Physics with an emphasis in computer science and engineering. Mark is expert and passionate about assisting clients along their IT journey to protect their assets, culture and people.
Mark has presented for the Wall Street Journal, SCORE, Microsoft partner network, technology manufacturers, IT peer groups and numerous executive meetings. Mark also currently serves on advisory boards for several manufacturers and is a source of information to the IT industry.
David McNeil is the principal for a leading risk management and commercial insurance brokerage, EPIC Insurance Brokers and Consultants. David speaks on cyber issues for business. He is a recruited member of the Orange County Sheriff’s Technology Advisory Council (TAC); Anaheim Police Department Special Operations TAC; FBI InfraGard (SIG’s Cyber, Dams, Water and Wastewater); and the Homeland Security Defense Group. Specialties include the fields of High Tech, Manufacturing, and U.S. Infrastructure protection regarding the water industry.
Smoke testing is a term used to describe the testing process for servers after patches are applied. The process typically involves making sure servers are rebooted in the right order, making sure they have completely rebooted, restarting applications in the right order, and then testing to be certain everything is working properly when users return to work in the morning.
This typically takes 30 minutes per server, depending upon your environment.
PCs are not typically smoke tested, or if so, not all of them.
Estimating an average time for patching servers and PCs can be a bit tricky. It can vary from one month to the next, depending upon the number and complexity of the patches released by your software vendors. You must consider all versions of operating systems and have a complete inventory of all your application software to do this job correctly. Our experience has shown that manual patching of systems takes on average of about 1.5 hours each.
There are many variables to consider. Some are:
You want to enter in a fully burdened labor rate for this field. What that means is that you want to take the base hourly rate, plus 25-30% for employer payroll taxes, benefits, vacation/holiday time, etc.
For example, someone making $80,000 per year will typically work 52 weeks of 40 hours, or 2080 hours. $80,000 divided by 2080 is $38.46/hour. Multiply that hourly rate by 1.3, and you get $50.00/hour. Of course, rates of pay, taxes and benefits will vary from city, state and company; but 30% is usually a good number to use. Don’t forget to account for time-and-a-half or after-hours rates of pay if patching is being done in the late evening, early morning, or weekends (in order to avoid impacting user productivity).
This is a basic cost calculator for you to compute your typical monthly cost for patching your servers, PCs, laptops, tablets and associated application software. It also forms the basis for you to begin calculating your Return on Investment for software patching, or for comparison with alternatives to the manual process of patching operating systems and application software—such as Patch Management as a Service, also known as Vulnerability Management as a Service.
If you are presenting to management for a budget, and using this calculator as the basis for a Return on Investment (ROI), you will need to do more homework. An ROI measures as a ratio of the cost of investment against its expected benefit. For patching, calculating benefit can be very difficult to determine. How do you measure the cost of a system breach you have not yet had? You can estimate what expenses, penalties, and losses a company might incur when a breach occurs; but there is no certainty of a breach event and what those costs actually are. There are also regulatory compliance issues and/or potential fines for not patching, but those, too, can be vague. For calculating these potential risks and costs, it is advisable to enter into a discussion with your management team.