Operating system patch management policy
If it is suspected that this policy is not being followed, report the incident to the Executive Associate Dean or the Director of Technology Services. Any exceptions to this policy must be approved in advance by both the Executive Associate Dean and the Director of Technology Services. Any person found to have violated this policy will be subject to appropriate disciplinary action as defined by the provisions of Indiana University Policy IT , Policy on Sanctions for Misuse or Abuse of Indiana University Technology Resources.
Scope: This policy applies to all employees and faculty of SOIC, as well as vendors, contractors, partners, students, collaborators and any others doing business or research with the SOIC.
Definitions: Operating System (OS) is the set of programs used to provide the basic functions of a computer. It's a different ball game today. Earlier, when software was without a license, patches were stand-alone code modules available on external media. The admin would simply add the code to the existing software program and run it.
Today, things have moved on to the cloud. Patches are available over the global IP network, and updating is automated: the system is scanned and you are alerted when an update is available. This helps the admin analyze whether anything more needs to be done to keep the system running seamlessly.
The increased complexity of IT infrastructure and networks, and the ever-growing threat of malware, have been a challenge for every system administrator. Software installations and updates have grown significantly, and so has the speed at which vulnerabilities strike.
To deal with patch management, the system performs automated tasks and the admin performs timely deployment of updates. The patch management policy helps in making decisions during the cycle. This policy covers all servers, workstations, network devices, operating systems (OS), applications, and other information assets for which vendors provide system patches or security updates.
Risk Assessment — An evaluation of the level of exposure to a vulnerability for which a patch has been issued. Patch Management and System Updates Policy.
Applicability of the Policy: This policy covers all servers, workstations, network devices, operating systems (OS), applications, and other information assets for which vendors provide system patches or security updates.
A manual audit will be conducted on any system or device for which an automated tool is not available. Systems and software will be evaluated to verify currency of patch and update levels and an analysis of vulnerabilities will be performed.
In cases where University resources are actively threatened, the CISO must act in the best interest of the University by securing the resources in a manner consistent with the Information Security Incident Response Plan.
In an urgent situation requiring immediate action, the CISO is authorized to disconnect affected individuals or Units from the network. In cases of noncompliance with this policy, the University may apply appropriate employee sanctions or administrative actions, in accordance with relevant administrative, academic, and employment policies.
Requests for exceptions to any information security policies may be granted for Information Systems with compensating controls in place to mitigate risk. The CISO must review information security policies and procedures annually, at minimum. This policy is subject to revision based upon findings of these reviews. All University-Related Persons are responsible for complying with this policy and, where appropriate, supporting and participating in processes related to compliance with this policy.
Information System Owners are responsible for implementing processes and procedures designed to provide assurance of compliance with the minimum standards, as defined by the ISO, and for enabling and participating in validation efforts, as appropriate. All Vice Presidents, Deans, Directors, Department Heads, and Heads of Centers must take appropriate actions to comply with information technology and security policies. These individuals have ultimate responsibility for University resources, for the support and implementation of this policy within their respective Units, and, when requested, for reporting on policy compliance to the ISO.
While specific responsibilities and authorities noted herein may be delegated, this overall responsibility may not be delegated. Vulnerability and Patch Management Policy.