Standard and Process
Vendors (or the open source community) periodically publish a security patch for their operating system or application program. A security patch fixes a security vulnerability. Install security patches when made available.
Older versions of applications increase the risk of the software not having current security patches developed. Installation of newer versions of the operating system or application program may be needed.
IT staff are responsible for working with users, data owners and service directors to develop security patch plans for University resources.
Users, data owners and service directors need to work with IT staff to understand and follow the security patch plan. This may include connecting the computer to the University network to download patches and restarting the computer to apply the security patches.
- This standard is based on the principles of ISO/IEC 27002:2005.
Document Owner: University Information Security
Document Approvers: Brian Dahlin, Chief Information Security Officer; Patton Fast, University Enterprise Architect
Effective Date: August 2010
Last Reviewed Date: November 2014