Do you have systems that are "too important to patch"?
Here's one that, at first glance, seems counterintuitive: Some systems may be too important to patch - or rather, too important to patch in a timely manner. The circumstances that really justify that decision are pretty few and far between, though. Most of the time, it's just laziness or ignorance or even fear ("What if we take the server down and the boss tries to log on and can't and gets furious with us?"). Over on the SANS site's ICS Diary, though, Rob VandenBrink comes up with a few examples of servers that really are too important to be taken down for patching. See if you agree: