# Workflows - Patch Tuesday Response Process
## Workflow 1: Monthly Patch Tuesday Lifecycle
```
Week 1 (Patch Tuesday):
  Mon: Pre-staging, verify infrastructure readiness
  Tue: Patch release, triage, zero-day emergency deployment
  Wed: Scan environment, update signatures, gap analysis
  Thu: Begin pilot deployment (Ring 1)
  Fri: Monitor pilot, document issues
Week 2:
  Mon-Wed: Production server deployment (Ring 2)
  Thu-Fri: Monitor server health, rollback if needed
Week 3:
  Mon-Fri: Workstation deployment (Ring 3)
Week 4:
  Mon-Wed: Catch stragglers (Ring 4)
  Thu: Validation scanning
  Fri: Compliance report, close change tickets
```
## Workflow 2: Zero-Day Emergency Response
```
┌──────────────────┐     ┌──────────────────┐     ┌──────────────────┐
│ Zero-Day CVE     │────>│ CISO Approves    │────>│ Emergency Change │
│ Identified       │     │ Emergency Patch  │     │ Ticket Created   │
└──────────────────┘     └──────────────────┘     └──────────────────┘
         ┌────────────────────────────────────────────────┘
         v
┌──────────────────┐     ┌──────────────────┐     ┌──────────────────┐
│ Quick Smoke Test │────>│ Deploy to Ring 0 │────>│ Monitor for      │
│ (1-2 hours)      │     │ (Critical Assets)│     │ Issues (4 hours) │
└──────────────────┘     └──────────────────┘     └──────────────────┘
         ┌────────────────────────────────────────────────┘
         v
┌──────────────────┐     ┌──────────────────┐
│ Broader Rollout  │────>│ Validation Scan  │
│ (All Rings)      │     │ & Report         │
└──────────────────┘     └──────────────────┘
```
## Workflow 3: Patch Compliance Tracking
| Metric | Target | Measurement |
|--------|--------|-------------|
| Zero-day patch rate | 100% in 48 hours | SCCM compliance report |
| Critical patch rate | 95% in 7 days | Vulnerability scan delta |
| High patch rate | 90% in 14 days | Vulnerability scan delta |
| Overall compliance | 95% in 30 days | Monthly compliance dashboard |
| Exception documentation | 100% documented | GRC platform audit |
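
The patch-rate targets in the table can be checked mechanically against deployment records. The following is an added example, not part of the original skill repository: the record layout, asset names, release timestamp, the `compliance` and `at` helpers, and the choice to drop documented exceptions from the denominator are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Targets from the Workflow 3 table: tier -> (required rate, SLA window).
SLA = {
    "zero-day": (1.00, timedelta(hours=48)),
    "critical": (0.95, timedelta(days=7)),
    "high": (0.90, timedelta(days=14)),
    "overall": (0.95, timedelta(days=30)),
}

def compliance(records, released, as_of):
    """Return {tier: (rate, status)}; status is 'met', 'open' or 'missed'.

    records: (asset, severity, patched_at or None, has_exception) tuples.
    Assumption: assets with a documented exception leave the denominator.
    """
    result = {}
    for tier, (target, window) in SLA.items():
        deadline = released + window
        cutoff = min(deadline, as_of)  # patches after the window do not count
        # "overall" covers every asset; other tiers match on severity.
        scope = [r for r in records if not r[3] and tier in ("overall", r[1])]
        if not scope:
            continue
        on_time = sum(1 for r in scope if r[2] is not None and r[2] <= cutoff)
        rate = on_time / len(scope)
        if rate >= target:
            status = "met"
        elif as_of < deadline:
            status = "open"  # window still running, target still reachable
        else:
            status = "missed"
        result[tier] = (round(rate, 3), status)
    return result

# Constructed sample data: release time and per-asset patch times.
RELEASED = datetime(2025, 1, 14, 18, 0)

def at(**offset):
    return RELEASED + timedelta(**offset)

RECORDS = [
    ("dc01", "zero-day", at(hours=20), False),
    ("web01", "zero-day", at(hours=50), False),  # 2 hours past the window
    ("db01", "critical", at(days=3), False),
    ("db02", "critical", at(days=6), False),
    ("app01", "high", at(days=10), False),
    ("app02", "high", None, False),              # still unpatched
    ("hmi01", "high", None, True),               # documented exception
]
```

Calling `compliance(RECORDS, RELEASED, at(days=5))` mid-cycle reports the critical, high and overall tiers as `open` while the zero-day tier is already `missed`, because `web01` was patched after the 48-hour window closed.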