Introducing Forrester's Prioritized Patching Process (P3)

November 11th, 2013

Chris Sherman

John Kindervag

Rick Holland

With contributors:

Stephanie Balaouras , David Brodeur-Johnson , Glenn O'Donnell , Sarah Bookstein

Summary

Criminals want access to your valuable assets, and one of their preferred methods is to exploit vulnerabilities lurking in your software and systems. Typically, these vulnerabilities have available patches that you haven't had time to apply. This is because security teams often discover more vulnerabilities than they can ever possibly hope to address, and the process of first testing and then applying patches is incredibly time-consuming in and of itself. The key is better prioritization — applying those patches that address the most serious vulnerabilities that cybercriminals are the most likely to exploit. Forrester has defined a new scalable process that we call the prioritized patch process (P3, for short). Our contextual approach to prioritization requires business value analysis married with detailed knowledge of the environment and predictive threat modeling. In this report, we outline the process and technology necessary for the adoption of P3.

Want to read the full report?

This report is available for individual purchase ($1495).

Forrester helps business and technology leaders use customer obsession to accelerate growth. That means empowering you to put the customer at the center of everything you do: your leadership strategy, and operations. Becoming a customer-obsessed organization requires change — it requires being bold. We give business and technology leaders the confidence to put bold into action, shaping and guiding how to navigate today's unprecedented change in order to succeed.

Introducing Forrester's Prioritized Patching Process (P3)

Leverage Predictive Threat Modeling And Data Value For A Context-Based Approach To Patch Prioritization

Summary

Want to read the full report?