BERGRIVIER MUNICIPALITY

Similar documents
Table of Contents. Policy Patch Management Version Control

A company built on security

01.0 Policy Responsibilities and Oversight

Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS

Standard: Vulnerability Management & Standard

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

DETAILED POLICY STATEMENT

Development Authority of the North Country Governance Policies

How do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network?

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Data Security and Privacy Principles IBM Cloud Services

Information Security Office. Server Vulnerability Management Standards

Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

Threat and Vulnerability Assessment Tool

Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS

NERC CIP: Fundamental Security Requirements of an Electronic Access Control and Monitoring System (EACMS) Requirements Mapping to ConsoleWorks

Standard for Security of Information Technology Resources

Comprehensive Mitigation

CS 356 Operating System Security. Fall 2013

IBM Internet Security Systems Proventia Management SiteProtector

Carbon Black PCI Compliance Mapping Checklist

During security audits, over 15,000 vulnerability assessments are made, scanning the network IP by IP.

Information Technology General Control Review

Ritz Camera Leverages Whitelisting for Picture Perfect Security

Virginia State University Policies Manual. Title: Change/Configuration Management Policy: 6810 A. Purpose

Interactive Remote Access FERC Remote Access Study Compliance Workshop October 27, Eric Weston Compliance Auditor Cyber Security.

Standard CIP 007 3a Cyber Security Systems Security Management

IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I

University of Pittsburgh Security Assessment Questionnaire (v1.7)

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

Policy Document. PomSec-AllSitesBinder\Policy Docs, CompanyWide\Policy

Standard CIP Cyber Security Systems Security Management

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

Standard CIP Cyber Security Systems Security Management

CIP Cyber Security Configuration Change Management and Vulnerability AssessmentsManagement

Standard Development Timeline

Analysis of CIP-006 and CIP-007 Violations

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

FedRAMP Plan of Action and Milestones (POA&M) Template Completion Guide. Version 1.2

Healthcare Privacy and Security:

ISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045

Page 1 of 15. Applicability. Compatibility EACMS PACS. Version 5. Version 3 PCA EAP. ERC NO ERC Low Impact BES. ERC Medium Impact BES

The University of Texas at El Paso. Information Security Office Minimum Security Standards for Systems

Standard CIP 007 4a Cyber Security Systems Security Management

BERGRIVIER MUNICIPALITY

Cyber security tips and self-assessment for business

ISE North America Leadership Summit and Awards

Virginia State University Policies Manual. Title: Information Security Program Policy: 6110

INFORMATION RESOURCE SECURITY CONFIGURATION AND MANAGEMENT

locuz.com SOC Services

IBM Managed Security Services for X-Force Hosted Threat Analysis Service

SOC-2 Requirement Solution Brief. EventTracker 8815 Centre Park Drive, Columbia MD SOC-2

Cybersecurity Auditing in an Unsecure World

Managed Security Services - Endpoint Managed Security on Cloud

How To Establish A Compliance Program. Richard E. Mackey, Jr. SystemExperts Corporation

HISPOL The United States House of Representatives Internet/ Intranet Security Policy. CATEGORY: Telecommunications Security

CORPORATE BUSINESS SOLUTIONS

THE TRIPWIRE NERC SOLUTION SUITE

Continuous protection to reduce risk and maintain production availability

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017

CIP 007 Compliance. Kevin B. Perry Dir, Critical Infrastructure Protection

Point ipos Implementation Guide. Hypercom P2100 using the Point ipos Payment Core Hypercom H2210/K1200 using the Point ipos Payment Core

Cyber Security Program

SECURITY PRACTICES OVERVIEW

TITLE FIELD OF THE INVENTION BACKGROUND OF THE INVENTION

Keys to a more secure data environment

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Total Security Management PCI DSS Compliance Guide

Juniper Vendor Security Requirements

Information Security Controls Policy

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

RBS OpenEMR Multisite Setup Improper Access Restriction Remote Code Execution of 5

Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV

Defining Computer Security Incident Response Teams

Security Principles for Stratos. Part no. 667/UE/31701/004

IC32E - Pre-Instructional Survey

UW-Madison Cybersecurity Risk Management Policy

Vulnerability Management Policy

Technical Reference [Draft] DRAFT CIP Cyber Security - Supply Chain Management November 2, 2016

Be Secure! Computer Security Incident Response Team (CSIRT) Guide. Plan Establish Connect. Maliha Alam Mehreen Shahid

Facility Security Policy

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE

Institute of Internal Auditors 2018 IIA CHICAGO CHAPTER JOIN NTAC:4UC-11

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

CSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague

Emerging Issues: Cybersecurity. Directors College 2015

Overview Bank IT examination perspective Background information Elements of a sound plan Customer notifications

SFC strengthens internet trading regulatory controls

Update on HIPAA Administration and Enforcement. Marissa Gordon-Nguyen, JD, MPH October 7, 2016

Cyber Security Requirements for Supply Chain. June 17, 2015

Compliance Audit Readiness. Bob Kral Tenable Network Security

Information Security Incident Response and Reporting

Symantec Security Monitoring Services

EU General Data Protection Regulation (GDPR) Achieving compliance

ACM Retreat - Today s Topics:

Implementation Plan for Version 5 CIP Cyber Security Standards

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access

Security Architecture

Transcription:

BERGRIVIER MUNICIPALITY PATCH MANAGEMENT POLICY APRIL 2012 C:\Users\HJanuarie\Desktop\New folder (6)\INFORMATION TECHNOLOGY\Patch Management Policy.docx/cmd 1

CONTENTS Version Control.. Document History. Purpose.. Scope.. e-innovation Responsibility. Monitoring.. Review and Evaluation... Risk Assessment and Testing. Notification and Scheduling. Implementation.. Auditing, Assessment and Verification.. User Responsibility and Practices. C:\Users\HJanuarie\Desktop\New folder (6)\INFORMATION TECHNOLOGY\Patch Management Policy.docx/cmd 2

Revision History Revision date Author Summary of Changes Changes marked Approvals This document requires the following approvals. Name Signature Title Date of Issue Version C:\Users\HJanuarie\Desktop\New folder (6)\INFORMATION TECHNOLOGY\Patch Management Policy.docx/cmd 3

Purpose This document aims to set out a policy to mitigate the phenomena of vulnerabilities within the Microsoft operating system code within computer and servers on the Bergrivier Municipal (BM) network. Scope The scope of this policy is to ensure all computer devices (including servers, desktops, printers, etc.) connected to the BM network have proper virus protection software, current virus definition libraries, and the most recent operating system and security patches installed. e-innovation Responsibility The IT Department is responsible for the overall patch management implementation, operations, and procedures. While safeguarding the network is every network user's responsibility, IT Department ensures all known and reasonable defenses are in place to reduce network vulnerabilities while keeping the network operating. This responsibility includes the tasks detailed below. Monitoring The IT Department will monitor security mailing lists, review vendor notifications and Web sites, and research specific public Web sites for the release of new patches. Monitoring will include, but not be limited to, the following: Scanning BM network to identify known vulnerabilities. Identifying and communicating identified vulnerabilities and/or security breaches to the Head of Department. Review and Evaluation Once alerted to a new patch, IT Department will download and review the new patch. The IT Department will categorize the criticality of the patch according to the following: Emergency an imminent threat to BM network Critical targets a security vulnerability Not Critical a standard patch release update Not applicable to BM environment Regardless of platform or criticality, all patch releases will follow a defined process for patch deployment that includes assessing the risk, scheduling, installing, and verifying. C:\Users\HJanuarie\Desktop\New folder (6)\INFORMATION TECHNOLOGY\Patch Management Policy.docx/cmd 4

Risk Assessment and Testing The IT Department will assess the effect of a patch to the corporate infrastructure prior to its deployment. The department will also assess the affected patch for criticality relevant to each platform (e.g., servers, desktops, printers, etc.). If the IT Department categorizes a patch as an Emergency, the directorate considers it an imminent threat to the BM network. Therefore, BM assumes a greater risk by not implementing the patch than waiting to assess it before implementing. Patches deemed Critical or Not Critical will undergo assessment for each affected platform before release for implementation. The directorate must complete validation against all images (e.g., Windows, etc.) prior to implementation. Notification and Scheduling The IT Department must approve the schedule prior to implementation. Regardless of criticality, each patch release requires the creation and approval of a request for technical change (RTC) prior to releasing the patch. Implementation As Emergency patches pose an imminent threat to the network, the release must be assessed before installation. In all instances, the directorate will perform assessment (either pre- or postimplementation) and document it for auditing and tracking purposes. The IT Department will obtain authorization for implementing Critical patches via an emergency RTC and IT Department s approval. The department will implement Not Critical patches during regularly scheduled preventive maintenance. Each patch will have an approved RTC. For new network devices, each platform will follow established procedures to ensure the installation of the most recent patches. Auditing, Assessment and Verification Following the release of all patches, the IT Department staff will verify the successful installation of the patch and that there have been no adverse effects. User Responsibility and Practices It is the responsibility of each user both individually and within the organization to ensure prudent and responsible use of computing and network resources. C:\Users\HJanuarie\Desktop\New folder (6)\INFORMATION TECHNOLOGY\Patch Management Policy.docx/cmd 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback