Information Technology Reference
In-Depth Information
ConfigMgr) and Systems Management Server (SMS) produced by Microsoft. There are
also many other commercial software which are used for deploying patches.
Patching servers and workstations is much easier if the enterprise is using the same type
of client and server operating system throughout the enterprise. Due to new technologies
coming on the market which are deployed in our work environments, such as smartphones
and wearable devices, the IS auditor will find different operating systems which will re-
quire a different strategy and approach regarding patching.
Patching is not only for operating systems, but it can also be deployed to patch application
software such as ERP systems or other applications used in the enterprise. A strategy needs
to be developed for patching application systems. It is more challenging for enterprises run-
ning many and different application systems as each will need a different way of applying
the patches.
IS auditors would be keen to know that patches are tested before being deployed. Evidence
can be obtained from patch management documentation. It is recommended that the IT
function should maintain a record of patches which have been tested and deployed so that
IS auditors can review the records in addition to checking deployed patches on the actual
operating or application systems. The records would include date patches were tested, ap-
proval of testing, and type of tests. The IS auditor should also ensure that the enterprise has
clear procedures on how to identify required patches, testing of patches, and finally deploy-
ing of patches.
Antivirus Management
Enterprises should ensure that the IT environment is protected from viruses and other sim-
ilar programs. Viruses do infect computers and render them unusable in many cases. If the
IT environment is not managed properly, it can easily be brought down by viruses which
can also spread to other enterprises through sharing of files and email.
There are new viruses being discovered every day, and many of them are very dangerous
viruses which can be devastating to an IT environment. Companies which produce antivir-
us solutions are always on the lookout for new viruses, and they do quickly produce new
definitions and make them available so that enterprises can protect their IT systems against
new viruses.
There are various types of viruses, and each needs a different strategy of eradication. Some
of the many variants of viruses include:
Virus
Type
#
Description
Search WWH ::




Custom Search