
Welcome to the Virus.Org Mailing List Archive




RE: Not patching clients??

  • To: "Patch Management Mailing List" <[EMAIL PROTECTED]>
  • Subject: RE: Not patching clients??
  • From: Michael Iseyemi <[EMAIL PROTECTED]>
  • Date: Thu, 29 Apr 2004 15:01:20 -0400
  • Reply-to: "Patch Management Mailing List" <[EMAIL PROTECTED]>
 
Paul,

Judging from your email address, I will assume that your organization is
covered under HIPAA privacy rules and security rules. Under this assumption,
I suggest pointing out the risk of not being in compliance with HIPAA. This
should be addressed as part of your entity's governance model and fiduciary
responsibilities as lack of compliance could lead to various sanctions
including lost goodwill as clients and partners alike will lose confidence
in them.

Hope this is helpful

Thanks,
Michael

-----Original Message-----
From: Paul Nelson [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 29, 2004 2:37 PM
To: Patch Management Mailing List
Subject: Not patching clients??


Hi group,

Recently there has been talk in our IS group that patching clients is
unnecessary and there will not be a dedicated person to research or resolve
outstanding issues. We are primarily a Novell environment and have SUS
running for a handful of systems, but that is about it.  We can push out
patches via ZEN, but this is only done in emergencies (think Blaster).
Client-wise, that's absolutely scary.  We do however have dedicated
individuals to cover any server or back-office system, so we are not in
trouble there.  Our management's opinion is that network gear and the
perimeter will take care of the business, so patching clients is
irrelevant.

My question or issue to present to the group is how do you approach a
situation when management considers it unnecessary to patch clients?  Being
a technical person I know the impacts, but of course things don't change
even after everyone talks about it.  We're in the situation where it almost
takes a major exploit to wreak havoc and change opinions.  I'm surprised
that only the server people are interested in defending the patch issue and
they are the only ones taking action.

I know many people are (or were) in this situation.  After reading the
survey posting in the group earlier this morning, it does not shock me that
many organizations have only one person to handle this.  What do you do if
you essentially have no one?

I'd like to see others' opinions or unique viewpoints on this.

Thanks,

Paul Nelson
Network Specialist
Medical College of Ohio
(419) 383-3638
[EMAIL PROTECTED]



 
 
Copyright (c) Virus.Org 1997-2006.