I've taken computer, network, and information security courses at the university level, and we always exploited systems and networks via computers without the latest Windows updates. But you may not know a computer has been infected unless you have an antivirus. Needless to say, you would want to keep both updated.
To the question: If you were the CISO of a company with many locations and a central IT department that managed the networks remotely, and you could require the local site managers to manually check for one or the other (antivirus or updates), which would you have them check on a monthly basis?
It may sound like a silly question, but a particular company is set up like that and they check for antivirus for a monthly security survey. I'm wondering why they don't check for Windows Updates as well. Maybe they have been directed to do so, but there is no documented requirement except for the antivirus. It doesn't even appear that they have a scheduled restart each week. This allows some computers to go weeks and months without the latest Windows Updates.
I spent 6+ months working in the vulnerability assessment shop of the Network Control Center when I was in the USAF. We used Windows SMS back then, but it was replaced by SCCM shortly after. I was in charge of making sure 2000+ computers received their updates as well as regular restarts. I feel like the company I'm referring to does not properly utilize Windows SCCM to configure restarts and updates.
What should I do? I've been working for this company for a few years now. Not in the IT department either.