Hi,
Should the patch management role be classified as server support or security admin? Please comment. Thanks.
In my shop it is classified as server support; however, from a security perspective, I have a high level of control over the process to ensure it meets the security requirements of the company.
Cheers:
Can you give me the details of what this high level of control over the process will do?
Basically, I establish the criteria by which patches are rolled out. For example, for servers that reside in our DMZ, if there is a 'critical' patch required, it must be installed within 24 hours of the patch being released. This means the server is 'ghosted' and the patch is installed with minimal testing. For servers which are on my internal LAN, 'critical' patches are installed within 2 weeks of being announced. That leaves time for a little better testing. All non-critical patches are installed as part of our normal maintenance process.
Does that help a bit?
Do you mean that you have 1 person doing the deployment and the other doing the process monitoring?
Kind of like that. I ensure the patches are being deployed by our server group. If they are having problems or issues they will report to me. At this point in time, the process has worked quite well. I am sure there are others on this board that will have other opinions.
Cheers:
For my case I can only afford 1 person to do the job. How can I justify that patch management belongs to server support?
Quote:
Originally posted here by sentme_mail
For my case I can only afford 1 person to do the job. How can I justify that patch management belongs to server support?
Well... is the server group responsible for installing other things on the servers (OS, applications, etc.)? Then why would they not be responsible for installing patches? They are, after all, part of the OS or application.
Cheers:
Yep, the server group is responsible for installing other things on the servers (OS, applications, patches, etc.).
But what reasons can I give to justify that they should also be in charge of the process?
If the OSes and applications belong to them and they are responsible for them, then the patches to those systems also belong to them; they must take ownership of them. Patches are a part of the OS or application, which they (the server group) own. I believe it's just that simple. If you're claiming ownership over a system's OS and application, you own everything that is bundled with those systems.
Cheers: