Patching, Malware, Incidents Top Security Time Consumers

Keeping up with patches,maintaining anti-malware defenses and responding to incidents are the most time-consuming activities IT for security professionals, according to InformationWeek figures. How do your figures match up with the survey's findings?If you -- or your security vendor -- are spending about a third of your time dealing with patches, you're right in line with the findings of InformationWeek's 2010 Strategic Survey.

As John Sawyer points out at Dark Reading, changing attack vectors are prompting the uptick in patch management time. With the bad guys aiming their threats at users' machines and endpoints, seeing that every element on your network is fully patched is at least a third-of-the-time security job.

Anti-malware efforts and analysis whacked away another 30% of the respondents' time, with incident response eating a quarter of the remaining clock.

Take a look at how you and your IT security professional support spend your time. Close to the InformationWeek figures? Dramatically different?

Either way you answer those questions, there are some conclusions to be drawn.

1. If you're not spending measurable time on patch management, you've got patching issues, and they need to be addressed now. Unpatched vulnerabilities remain among the most attractive weaknesses for the crooks, and any unpatched vulnerability is a welcome mat for woe.