As part of SC Magazine's year-end roundup, the U.S. editorial team compiled lists of the most memorable - and sometimes most outrageous - news to cross your screen this year.

Many organizations appreciate the regularity of Patch Tuesday to better prepare and execute patch deployment. However, few organizations use the time prior to Patch Tuesday to efficiently prepare systems and people for rapid deployment. In 2005, the industry average to fully deploy a new critical security patch was a full 30 days. With the rise of zero-day threats and the release of out-of-cycle patches, administrators need a plan for handling emergency policy and patch updates.

Shake-up at McAfee An internal McAfee probe spurred by Securities and Exchange Commission inquiries has led to a shake-up at the security giant. George Samenuk retired as chairman and CEO, while Kevin Weiss was fired. Board of Director Dale Fuller took over as interim president and CEO, while Charles Robel, another board member, was named chairman. A special committee's investigation determined insiders were participating in a questionable stock options practice known as backdating. News of the departures led some analysts to conclude that McAfee is ripe for acquisition. Fuller said: "All options are on the table."

During my recent conversations with industry analysts about evolving security threats, the issue of security settings has become a main topic of discussion. Initially, anti-virus was adequate enough to protect systems from outside threats, but it soon became a service with a continual addition of virus signatures.

With the spate of web browser vulnerability announcements this year, many of them true zero-day vulnerabilities, the topic of browser security is as hot as it's been in the past five years. And perhaps the hottest issues surrounding Patch Tuesday this month don't involve the 10 security bulletins Microsoft published as scheduled, but the fix that was released two weeks prior to patch Tuesday - out of schedule.

Scott Davis and his small network security team at global investment management firm T. Rowe Price, no longer want to hide under the covers on Microsoft's "Patch Tuesdays."

Although the most damaging viruses and worms can penetrate critical systems in a matter of seconds, it isn't necessary to sacrifice an ounce of your company's critical data to one of these attacks. Organizations can escape the wrath of even the most tenacious worms and viruses provided two key ingredients are in place: a standardized, documented process for patch and vulnerability management and the right people working together around this process.

Feds: Improve security Federal agencies worked against an August deadline to implement improved security controls designed to better protect the private information of U.S. citizens in the hands of government officials. A memo on the sweeping changes was sent out in late June by the White House's Office of Management and Budget. OMB said it will work with inspectors to ensure agencies are in compliance. "We intend to work with the general community to review these items to ensure we are properly safeguarding the information the American taxpayer has entrusted to us," OMB Deputy Director Clay Johnson III said in a memo.

To the law-abiding internet user, online payment systems offer immediacy, convenience, safety and a global reach, while keeping transaction costs to a minimum. To the cybercriminal, such services offer the same benefits — plus something even more attractive: secrecy.

Nearly 50 security practitioners met in May in Hilton Head Island, S.C. for another successful SC Forum event — the first of two forums this year.