Educause Security Discussion mailing list archives
Re: Desktop patch management?
From: Omar Herrera <omar_herrera () BANXICO ORG MX>
Date: Fri, 12 Sep 2003 13:01:34 -0500
Craig, Forcing the update Hill be extremely difficult in this situation; even if there are technological solutions that would allow to do that it won't help in your relationship. I would recommend to ask management to create a committee that takes decisions on these special "emergency" events. This committee should include representatives from different departments (at least of those that are most important). They are the ones directly affected, so, inviting them to participate will help you to: a) increase their security consciousness b) involve them in the process c) reduce tension in your relationship with them It is critical that management gets actively involved, otherwise you will face deadlock situations where the committee can't take a decision. In this way, management is not forcing anyone, you get them (users) involved and, even if this is slower than giving you full power to enforce security, it should improve your capabilities to prevent and react to security incidents. Remember that security is not a business process by itself in most organizations; it supports the business process though. I don't like the idea to see Universities as businesses, but we do have our own main processes and goals (transfer knowledge and experience, research ...). When users understand that patching the machine is for their own benefit (to allow them to continue working), resistance will lessen. Omar Herrera, CISSP Instituto Tecnológico y de Estudios Superiores de Monterrey, Mexico City Campus Information security topic and laboratory -----Mensaje original----- De: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] En nombre de Craig W. Drake Enviado el: Viernes, 12 de Septiembre de 2003 12:04 PM Para: SECURITY () LISTSERV EDUCAUSE EDU Asunto: [SECURITY] Desktop patch management? I was just wondering how everyone is handling desktop patch management in their environments. We are in a situation where users/departments manage their own desktop systems. We do not have any kind of Windows domain structure and do not have any kind of common administrator account/password on desktops university-wide. Some users/departments have very negative attitudes towards our IT department and do not want anybody from our department "messing with" their computers. Management doesn't want to lose favor with those users by forcing them to comply with any kind of centralized IT policy. We have tried sending out emails to our users asking them to visit WindowsUpdate, but only about half of the computers get updated. Does anybody have any suggestions on how to force all of the updates to all of the computers on campus in this situation? ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Desktop patch management? Craig W. Drake (Sep 12)
- <Possible follow-ups>
- Desktop patch management? Craig W. Drake (Sep 12)
- Re: Desktop patch management? Omar Herrera (Sep 12)
- Re: Desktop patch management? Eoghan Casey (Sep 12)
- Re: Desktop patch management? Ariel Silverstone (Sep 12)
- Re: Desktop patch management? LaSandra DeLeon (Sep 12)
- Re: Desktop patch management? Ariel Silverstone (Sep 12)
- Re: Desktop patch management? Brian K. Dore' (Sep 12)
- Re: Desktop patch management? Eoghan Casey (Sep 12)
- Re: Desktop patch management? Clyde Hoadley (Sep 12)
- Re: Desktop patch management? Brian K. Dore' (Sep 12)
- Re: Desktop patch management? Dan Roberts (Sep 12)
- Re: Desktop patch management? Melissa Guenther (Sep 13)
(Thread continues...)