troubleshooting Question

Help review broadcast on systems patching directive

Avatar of sunhux
sunhux asked on
SecurityVulnerabilitiesWindows OSNetwork Operations
6 Comments3 Solutions255 ViewsLast Modified:
There's growing concern on the timeliness & thoroughness of patching.  I need to
broadcast out an email to the organization's hundreds of IT staff (infra & apps teams)
to emphasize this in a firm (but non-offensive) manner from governance perspective.

Appreciate if anyone can review it's wordings & add on any useful points:

======================================================================

IT teams,

This broadcast is to emphasize the importance of performing timely patch assessment
& obtain downtime where needed to apply patches.  The patches may be security or
non-security (ie for functional fixes) related and meant for appliances/devices (eg: for
network/firewall devices) Operating Systems for servers, workstations and hosts,
applications and firmwares/microCodes.

You are urged to :

1.review regularly the availability of patches for the respective products under your
   care (via the principal's web page and assess if the released patch(es) are applicable

2. assess if the patch is applicable to the products under your support within 3
    working days

3.do test out the patches and seek for approved downtime early so that you have
   sufficient time to test out the patches as thoroughly as possible to minimize the
   risk of patches causing service disruptions

4.maintain a patch register and update it asap after patching has been done

5. As a good practice, apply patches to development, SIT/UAT before rolling
    out to production  environment

Failing to apply patches timely will result in extended exposure to vulnerabilities
and product defects/issues

For your attention and compliance,
IT Security Governance
ASKER CERTIFIED SOLUTION
btanExec Consultant
Join our community to see this answer!
Unlock 3 Answers and 6 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 3 Answers and 6 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros