Here’s one that, at first glance, seems counterintuitive: Some systems may be too important to patch – or rather, too important to patch in a timely manner. The circumstances that really justify that decision are pretty few and far between, though. Most of the time, it’s just laziness or ignorance or even fear (“What if we take the server down and the boss tries to log on and can’t and gets furious with us?”). Over on the SANS site’s ICS Diary, though, Rob VandenBrink comes up with a few examples of servers that really are too important to be taken down for patching. See if you agree:
About The Author
Debra Littlejohn Shinder is a technology and security analyst and author specializing in identity, security and cybercrime, utilizing her past experience as a police officer and police academy/criminal justice instructor. She has written numerous books and articles for web and print publications and has been awarded the Microsoft MVP designation for fourteen years in a row.