All Questions
5 questions
0 votes
1 answer
63 views
Is using software without buying all available patches against security standards?
Canonical, the publishers of Ubuntu, create their own set of security patches for packages in Ubuntu's "universe" repository of community-maintained software. They make these patches ...
1 vote
1 answer
380 views
Does SOC1/SOC2 mandate installing non-security-related patches?
I am looking at our patch management control for SQL Server databases and until now the process only requires us to install security patches. Microsoft releases cumulative updates every month and it ...
7 votes
1 answer
541 views
Is KernelCare kernel patching recognized as a valid method of patching kernels by 3rd party auditors and pen testers?
This is probably more of a compliance question, so if there is a better place to ask, please let me know. Background: It is a long complex story, but we can't easily update our Linux kernels due to ...
4 votes
3 answers
543 views
How can IT audit for installation of IIS Express?
IIS Express is a developer tool for Windows XP and higher which provides the full feature set of IIS, but without needing administrator rights. I've seen discussion by some developers who are ...
6 votes
3 answers
787 views
Are Windows security updates audited?
An IT guy said that in his company, the Windows updates (small security updates that are downloaded automatically by the Windows autoupdate) are checked by the auditor, i.e., the auditor checks if every ...