
Information Security ontheCheap ◾ 89
Similarly, some systems will routinely need to be patched sooner. e systems exposed to the
Internet have the greatest likelihood of being attacked. erefore, they should be handled differ-
ently. Some organizations decide to patch all these systems immediately, with minimal testing.
Whereas some organizations simply lower the threshold for what is needed to trigger an emergency
patch cycle.
In managing a patch cycle, then, it is important to decide which patches should be applied to
which systems and when. Which patches should be emergency fixes and which patches can wait
for the patch cycle? In general, ...