![]() ![]() When a patch is announced, an authorized system owner must document the change according to formal change management procedures. Each UAB server must have a named service owner and system owner. Each service owner is responsible for UAB servers under their control. All university-managed servers will be maintained with the latest security patches to their operating systems and applications.ī. UAB IT will communicate with the campus community regarding deployed security patches.Ī. Once validated UAB IT will schedule and deploy validated patches to end points on a monthly basis. For centrally managed devices, applicable patches will be tested and validated by UAB IT prior to deployment to campus. Application software vendors release security patches on a regular schedule. UAB IT will prioritize centralized patching efforts in the order of (1) Windows operating systems, (2) Apple operating systems, (3) applications such as Adobe, Flash, etc.ĭ. All critical operating system and application patches will be installed within thirty (30) days of release from the vendor.Ĭ. Patch management for all endpoints is centrally managed by UAB IT.ī. ![]() 2.0 Scope and ApplicabilityĪll UAB-owned devices as well as devices that store, process, or transmit University data must be proactively managed and patched with appropriate security updates. ![]() Commensurate with this, the disruption to the systems being patched should be minimized by using a preferred window of weekends. Patching may require systems to be rebooted in order for the patch to be applied. By taking a proactive approach to managing vulnerabilities, the University is able to reduce or eliminate the potential for exploitation and prevent the excessive time, effort, and costs that result when responding to an incident after it has occurred. Patch management is a critical preventive measure designed to proactively counter the exploitation of vulnerabilities that exist within UAB systems. Vulnerability Management Rule 1.0 Introduction Minimum Security for Computing Devices Rule Related Policies, Procedures, and Resources ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |