Initial commit - 611 cybersecurity skills across all subdomains

skills/implementing-patch-management-workflow/references/standards.md

@@ -0,0 +1,28 @@
+# Standards and References - Patch Management Workflow
+
+## Industry Standards
+- **NIST SP 800-40 Rev 4**: Guide to Enterprise Patch Management Planning
+- **NIST SP 800-53 SI-2**: Flaw Remediation control
+- **CIS Controls v8 Control 7.3**: Perform automated patch management
+- **PCI DSS v4.0 Req 6.3**: Identify and address security vulnerabilities
+- **ISO 27001:2022 A.8.8**: Management of technical vulnerabilities
+
+## Patch Management Tools
+| Tool | Platform | Type | License |
+|------|----------|------|---------|
+| WSUS | Windows | Microsoft native | Free with Windows Server |
+| SCCM/MECM | Windows/Linux | Enterprise endpoint management | Microsoft licensing |
+| Ansible | Linux/Windows | Agentless automation | Open source / Red Hat |
+| Intune | Windows/macOS/iOS/Android | Cloud MDM/MAM | Microsoft 365 |
+| Jamf Pro | macOS/iOS | Apple device management | Commercial |
+| Ivanti Patch | Multi-platform | Enterprise patching | Commercial |
+| ManageEngine | Multi-platform | IT management suite | Commercial |
+
+## Vendor Patch Schedules
+| Vendor | Schedule | Source |
+|--------|----------|--------|
+| Microsoft | Second Tuesday monthly | https://msrc.microsoft.com/update-guide |
+| Adobe | Second Tuesday monthly | https://helpx.adobe.com/security/products.html |
+| Oracle | Quarterly (Jan, Apr, Jul, Oct) | https://www.oracle.com/security-alerts/ |
+| Cisco | As needed | https://sec.cloudapps.cisco.com/security/center |
+| Linux distributions | Continuous | Distribution-specific advisories |

skills/implementing-patch-management-workflow/references/workflows.md

@@ -0,0 +1,49 @@
+# Workflows - Patch Management
+
+## Workflow 1: End-to-End Patch Lifecycle
+
+```
+┌────────────┐   ┌──────────┐   ┌──────────────┐   ┌──────────┐
+│  Discover  │──>│  Assess  │──>│  Prioritize  │──>│   Test   │
+│  (Vendor   │   │  (CVE    │   │  (CVSS+EPSS  │   │  (Lab    │
+│   Feeds)   │   │  Match)  │   │   Scoring)   │   │  Ring 0) │
+└────────────┘   └──────────┘   └──────────────┘   └──────────┘
+                                                         │
+    ┌───────────────────────────────────────────────────┘
+    v
+┌──────────┐   ┌──────────┐   ┌──────────┐   ┌──────────┐
+│ Approve  │──>│  Deploy  │──>│  Verify  │──>│  Report  │
+│ (CAB /   │   │ (Phased  │   │ (Re-scan │   │ (Metrics │
+│  Change) │   │  Rings)  │   │  Confirm)│   │  + KPIs) │
+└──────────┘   └──────────┘   └──────────┘   └──────────┘
+```
+
+## Workflow 2: Emergency Patch Process
+
+For critical zero-day or actively exploited vulnerabilities:
+
+1. **Alert** (T+0h): Vendor advisory or threat intel notification
+2. **Triage** (T+1h): Assess applicability and impact
+3. **Fast-track Test** (T+4h): Rapid testing on critical systems
+4. **Emergency CAB** (T+6h): Expedited approval
+5. **Deploy** (T+8h): Direct to production (skip pilot rings)
+6. **Verify** (T+12h): Post-patch scan verification
+7. **Post-mortem** (T+48h): Review process effectiveness
+
+## Workflow 3: Rollback Procedure
+
+```
+Patch Deployment Fails
+    │
+    ├──> Application Not Starting
+    │       └──> Restore from snapshot/backup
+    │
+    ├──> Performance Degradation
+    │       └──> Uninstall patch (wusa /uninstall /kb:NNNNN)
+    │
+    ├──> Blue Screen / Kernel Panic
+    │       └──> Boot to safe mode, remove update
+    │
+    └──> Network Connectivity Lost
+            └──> Console access, rollback patch
+```