Explanation
Ensuring all systems have the agent and are reporting into the portal
Should be driven by provisioning and deprovisioning process to update
Define who is responsible for patching of servers. Configure in BF who is responsible for patching machines and groups of machines.
Define who is responsible for patching of workstations. Configure in BF who is responsible for patching machines and groups of machines.
Ensuring the BigFix platform is performing and operational
o BigFix Management – device management (updates/environment upgrade), IVR platform management, Console management, quarterly health check
o BigFix Management – access control (users), group lists management, agent fixlets management, site creation/management, agent gap analysis/troubleshooting/resolution, agent performance review (device resource usage)
For something that is not available or to tweak an existing script
(We are consulted for advice on how to do it if they need help; we are not responsible for coming up with fixlets. They specifically know what they want to deploy. Patch management, HD and server will almost always create the script or provide it to be made into a fixlet, just like they did with SCCM deployments.)
For something that is not available or to tweak an existing script
(We are consulted for advice on how to do it if they need help; we are not responsible for coming up with fixlets. They specifically know what they want to deploy. Patch management, HD and server will almost always create the script or provide it to be made into a fixlet, just like they did with SCCM deployments.)
Research other patch needs based on vulnerability reports or showing as available in BigFix
Review monthly patch types and details
Select new (untested) patch types to add onto cycle
Monitor publication of patches until cutoff date
Include concurrent patches (previously deployed in other cycles)
(Helpdesk is on a responsible level due to workstations)
Research other patch needs based on vulnerability reports or showing as available in BigFix
Review monthly patch types and details
Select new (untested) patch types to add onto cycle
Monitor publication of patches until cutoff date
Include concurrent patches (previously deployed in other cycles)
(Helpdesk is on a responsible level due to workstations)
Applications such as Chrome require a specific patch management process
Applications such as Chrome require a specific patch management process
Primary driver is denoted by Accountable group
Primary driver is denoted by Accountable group
Meet with affected Group owners (device owners) to discuss upcoming patches, plan deployments, discuss patching adjustments, exceptions - to their relevant devices
Review and resolve patch issues from prior deployment cycles – coordinate repeat deployments
Develop methods with the group to meet patch compliance on patches unable to be resolved through BigFix
o Prepare and manage suggested list of prioritized vulnerabilities
o Present prioritized vulnerabilities – Groups or device owners, and patch management
o Collect information from device owners to resolve any long-term vulnerabilities unable to meet SLAs, false positive or duplicate vulnerabilities
o Communicate and pursue when patches are confirmed as implemented, yet the finding is present – meet with Patch Management and escalate to device owners when needed
o Perform follow-ups on action items and track them based on meetings that occurred throughout the week
o Pursue/research other patches based on vulnerability reports or showing as available in BigFix
(SAME AS ABOVE)
When patch fixlets are not available and something needs to be modified or created.
When patch fixlets are not available and something needs to be modified or created.
Create the deployments for the test groups
Create the deployments for the test groups
Create the deployment for the production runs. May be multiple, spread over multiple days
Create the deployment for the production runs. May be multiple, spread over multiple days
Coordinate communications and notification bulletins
Modify/create new notification bulletins for new deployments, as required
Review/Modify change based on any special adjustment changes
Gather Change approval
Validate patch bundle content and target group (need secondary review to confirm details)
Include Artha for monitoring and post deployment system and service operation
(Helpdesk involvement is because they sometimes push application updates)
Coordinate communications and notification bulletins
Modify/create new notification bulletins for new deployments, as required
Review/Modify change based on any special adjustment changes
Gather Change approval
Validate patch bundle content and target group (need secondary review to confirm details)
Include Artha for monitoring and post deployment system and service operation
(Helpdesk involvement is because they sometimes push application updates)
Deployment of the patches to the test groups noting any issues and monitoring for reported problems
Deployment of the patches to the test groups noting any issues and monitoring for reported problems
Deployments will be multiple to accommodate different applications, databases, middleware (Talend), Mitel, the different OS versions and staggering of patches to reduce risk of negative impact.
Deployments will be multiple to accommodate different applications, databases, middleware (Talend), Mitel, the different OS versions and staggering of patches to reduce risk of negative impact.
Tracking what has been applied and what still needs to be applied
(We track vulnerabilities; patch management tracks their deployed patches.)
Tracking what has been applied and what still needs to be applied
(We track vulnerabilities; patch management tracks their deployed patches.)
Tracking what has been applied and what still needs to be applied
(We track vulnerabilities; patch management tracks their deployed patches.)
Resolving patches confirmed as implemented, but still showing in reports
Resolving patches confirmed as implemented, but still showing in reports
Address noted issues with test deployments. May involve fixlet development, rescoping of what is included, alternative solution identification and exception creation
Address noted issues with test deployments. May involve fixlet development, rescoping of what is included, alternative solution identification and exception creation
Review deployment success for updating the ticket
Note failures or issues – request/follow up with device-, app-owners, IT, and Artha as needed
Participate in any RCA for service/system outages and provide evidence for investigation
Change Ticket Closure
Review deployment success for updating the ticket
Note failures or issues – request/follow up with device-, app-owners, IT, and Artha as needed
Participate in any RCA for service/system outages and provide evidence for investigation
Change Ticket Closure
In the event of a service impact caused by a patch or when the patch was applied, need to participate in the RCA. (For convenience this is shown as CC accountable though it is known to be a separate team). (Assuming this does not apply to WS)
In the event of a service impact caused by a patch or when the patch was applied, need to participate in the RCA. (For convenience this is shown as CC accountable though it is known to be a separate team). (Assuming this does apply to WS)
Operational scans (Tenable, performed by SecEng) are performed to verify remedial action was taken on specific devices.
o Process ad hoc scan requests and/or OnDemand validation when testing methods to remediate vulnerabilities with other groups
o Review and provide remediation of requested scans