Security Basics mailing list archives
When is a Security patch not a patch?
From: solutions () truenorthsatcomm ca
Date: 1 Mar 2007 17:22:24 -0000
Greetings, I have a dilemma. I'm the IT Security dude. I'm responsible for filtering incoming security information (CERT announcements, vendor security patches, real threats, etc.) and doing an impact analysis on them. Since our organization is very structured i.e. ITIL I then send my report to our Service Delivery team who is responsible for the hands on sysadmin. So my dilemma is this. Management is now rethinking this approach (since the Service delivery folks are quite busy) and is expecting me to apply patches. My argument is that; a) No one person can have the detailed knowledge of all the OS's we support (basically all OS's) to be able to do this and; b) That a security patch is just another patch, albeit more urgent than patches applied during the regular patch cycle. To be frank, there is no patch management procedure in place at all. Patches are applied in an adhoc "as needed" basis. So what to do? Can anyone offer any insight? Please and Thanks, Mark --------------------------------------------------------------------------- This list is sponsored by: BigFix If your IT fails, you're out of business - or worse. Arm your enterprise with BigFix, the single converged IT security and operations engine. BigFix enables continuous discovery, assessment, remediation, and enforcement for complex and distributed IT environments in real-time from a single console. Think what's next. Think BigFix. http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/ITNext/ ---------------------------------------------------------------------------
Current thread:
- When is a Security patch not a patch? solutions (Mar 02)
- Re: When is a Security patch not a patch? Jason P. Rusch (Mar 06)
- Re: When is a Security patch not a patch? TrueNorth Satellite Communications (Mar 06)
- RE: When is a Security patch not a patch? Justin Nordine (Mar 06)
- Re: When is a Security patch not a patch? TrueNorth Satellite Communications (Mar 06)
- Re: When is a Security patch not a patch? Devdas Bhagat (Mar 09)
- <Possible follow-ups>
- Re: When is a Security patch not a patch? klevinson (Mar 06)
- RE: When is a Security patch not a patch? jay.tomas (Mar 07)
- Re: RE: When is a Security patch not a patch? esurientone (Mar 07)
- Re: When is a Security patch not a patch? Jason P. Rusch (Mar 06)