Hi,
Should the patch management role be classified as server support or security admin? Please comment. Thanks.
In my shop it is classified as server support; however, from a security perspective, I have a high level of control over the process to ensure it meets the security requirements of the company.
Cheers:
Can you give me the details of what this high level of control over the process will do?
Basically, I establish the criteria by which patches are rolled out. For example, servers that reside in our DMZ, if there is a 'critical' patch required, they must be installed within 24 hours of the patch being released. This means the server is 'ghosted' and the patch is installed with minimal testing. For servers which are on my internal LAN, 'critical' patches are installed within 2 weeks of being announced. That leaves time for a little better testing. All non-critical patches are installed as part of our normal maintenance process.
Does that help a bit?
Do you mean that you have 1 person doing the deployment and the other doing the process monitoring?
Kind of like that. I ensure the patches are being deployed by our server group. If they are having problems or issues they will report to me. At this point in time, the process has worked quite well. I am sure there are others on this board that will have other opinions.
Cheers:
For my case I can only afford 1 person to do the job. How can I justify that patch management belongs to server support?
Well... is the server group responsible for installing other things on the servers (OS, applications, etc.)? Then why would they not be responsible for installing patches? They are, after all, part of the OS or application.
Quote:
Originally posted here by sentme_mail
For my case I can only afford 1 person to do the job. How can I justify that patch management belongs to server support?
Cheers:
Yep, the server group is responsible for installing other things on the servers (OS, applications, patches, etc.),
but what reasons can I give to justify that they should also be in charge of the process?
If the OSes and applications belong to them and they are responsible for them, then the patches to those systems also belong to them, and they must take ownership of them. Patches are a part of the OS or application, which they (the server group) own. I believe it's just that simple. If you're claiming ownership over a system's OS and application, you own everything that is bundled with those systems.
Cheers:
But I have an admin who insisted that patches are deployed due to security flaws and therefore should be grouped under security admin. How will you respond to him?
Are you the boss of this admin?
If you are, I would change his job description to 'stop arguing'.
Does it matter where this role sits? What matters is that it is done and someone is either willing to take responsibility for this, because they are a valuable employee, or they are not willing to accept responsibility.
If they won't accept the responsibility for this, find someone who will.
If you are not the boss of this admin, I would suggest that you accept responsibility for this role and make sure that everyone knows you are doing this for the good of your business, since you are a valuable employee.
Steve
I see someone is trying to play pass the buck here. Try to explain to the admin what I have tried to explain to you here. Yes, patches are released to fix security flaws, but they are internal to the OS or application and must be viewed as such. If they continue to play pass the buck, I would go to your boss and explain that, because of the added work involved with patch management, you are going to need 1, 2, 3 more people in security admin to deal with work the server group refuses to take responsibility for. (That should ruffle some feathers :D )
Quote:
Originally posted here by sentme_mail
But I have an admin who insisted that patches are deployed due to security flaws and therefore should be grouped under security admin. How will you respond to him?
Cheers:
Thanks for your reply.
I would like to see more people put in their stand here. Thanks.