Developing a real patch window
------------------------------
|<-->|<-- Deploy -->|
|<-- Avg Patch Time -->|
|<---------------------- Patching Window ------------------------>|
| |<--- Warning Window --->|<-- Mitigation Window (soft action)-->|<-- Unacceptable Zone (hard action) ------------------>
<------|----------------------------------------|------------------------|--------------------------------------|------------------------------------------------------>
| | | |
| | - Find patching issues | | - disable device
Patch | - Fix patching issues | - Disable Vulnerable services
Availability | - Apply patch manually | - restrict network traffic
| | - notify user/system owner
| |
Alert Alert
IMT Users
Deployment Time
???