Re: RESULTS: Survey about security maintenance windows

[Thomas Carter <tcarter () AUSTINCOLLEGE EDU>]

The policy mentions notifications; how is that accomplished? Is it a passive (posted on a website/portal, etc) or 
active (email sent out, etc) notification process? Are there specific notifications (e.g. service and time) or just 
general (this maintenance window will be used)? About how often are the windows used vs. not used?

Sorry for the additional questions, but we have a very small staff and I would like a no-notification required policy. 
If something doesn’t work during the window, assume it’s IT maintenance. If it’s still not working after the window, 
then call the help desk. The problem is the notification process easily becomes a “make sure nothing important is 
impacted” process which becomes a “make sure no one is inconvenienced in the slightest (except IT)” process (from past 
experience). I would like to avoid that slippery slope if possible.

Thanks,
Thomas


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mark 
Monroe
Sent: Friday, July 10, 2015 3:36 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] RESULTS: Survey about security maintenance windows

I missed the email before.. May not mean anything now, but here is our policy
http://www.umsl.edu/technology/About%20ITS/ITS%20Policies/ITS_Maintenance_Policy_March2010.pdf


Sent from my iPad

On Jul 10, 2015, at 3:10 PM, Thomas Carter <tcarter () AUSTINCOLLEGE EDU<mailto:tcarter () AUSTINCOLLEGE EDU>> wrote:
Attached is a quickly put together PDF of the results of this survey. No major surprises (except the response that says 
IT doesn’t get any time off including holidays! Must be a big school with plenty of staff.)

My goal with this is to share with my campus leadership that a regular maintenance window is not an unusual request and 
is part of good business practices.  Thank you everyone who responded; your answers were greatly appreciated.

Thanks,
Thomas Carter
Network & Operations Manager
Austin College


From: Thomas Carter
Sent: Monday, June 29, 2015 11:47 AM
To: 'The EDUCAUSE Security Constituent Group Listserv'
Subject: Survey about security maintenance windows

I put together a quick survey about maintenance windows for security issues. My definition of a maintenance window is a 
time we can remove any IT system from service without prior notice or approval. We’re wrestling with the best 
frequencies/times/days/etc and I wanted to see what was working for others. This is specifically about maintenance when 
security fixes, patches/updates, firmware upgrades, etc are done.

The survey is here:
https://www.surveymonkey.com/r/38JFPBX

I appreciate any input you can provide; responses will be kept confidential. If others are interested, I’ll summarize 
the results here in a week or two.

Thanks,
Thomas Carter
Network & Operations Manager
Austin College
<MaintenanceWindowSurveyResults.pdf>