L&I's Patch Management for Desktops Project
-- by Marjorie Dausener, Department of Labor and Industries
The Department of Labor and Industries recently adopted a new Patch
Management process in response to the large numbers of patches released by
Microsoft to fix vulnerabilities in the XP operating system. While XP is a very
stable desktop operating system with great functionality, it has become a target
for hackers. These hackers seek to exploit any operating system vulnerabilities
by creating viruses and worms. Microsoft writes patches that fix the code the
virus is trying to exploit.
The problem for any business is how do we learn about, assess, test, verify,
and deploy all the patches that are released? And how can we do this rapidly
when the threat is high?
To answer these questions, a Patch Management project team (see photo) was formed. The
process below was developed.
- Patch rollouts occur on a monthly cycle and are set up to coincide with
Microsoft's release of its patches.
- A Risk Analysis model was developed by IT Security for assessing security
patches. The patches are rated 1 through 5, with 5 being the most critical.
- A Technical Review Team was created. This team includes network
technicians, application developers and desktop support staff. They evaluate the
patches against the applications they support. Typically, they test the patches
as well.
- Once the patch has gone through the Technical Review Team, assuming there
are no errors found, it is rolled to groups of business area customers that
receive the patch before the rest of the agency. These testing groups are called
"IceBreakers" as they are "plowing the way" for the rest of the agency. The
formation of these groups was the last piece to put in place to complete the
project.
- The IceBreakers are to simply do their work. The more they use the
application the better the verification. There is no special testing involved.
- IceBreaker members were selected from across the agency to ensure that all
agency standard applications are tested.
- There is a support model and a
tracking method in place to ensure any problems are documented and fixed by
desktop support technicians.
The project team piloted the new process this past spring, and based on its
success, the new process was officially adopted.
Return to Top
News from the Past
5 Years Ago -- August 1999 IPMA Newsletter
10 Years Ago -- August 1994 IPMA Newsletter was not published
15 Years Ago -- August 1989 IPMA Newsletter was not published
20 Years Ago -- August 1984 Association of Data Processing Managers Newsletter
25 Years Ago -- August 1979 Association of Data Processing Managers Newsletter
30 Years Ago -- August 1974 Association of Data Processing Managers Newsletter
Return to Top
Summary of July 8, 2004 IPMA Board Meeting
Members Present: Jim Albert, Thomas Bynum, Phil Grigg, Sheryl Hall,
Dennis Jones, Dennis Laine, and Shelagh Taylor. Phil Coates, CFO, and Jim
Andersen, Forum Events Manager, were also present.
Thomas Bynum, IPMA Vice-Chair, opened the July 2004 meeting of the IPMA Board
of Directors at 7:30 a.m.
Secretary/Treasurer: The minutes from the June 2004 Board meeting were
approved.
The Board approved the June 2004 financial status and activities reports.
COMMITTEE REPORTS
Forum 2004: Jim Andersen presented the final 2004 Forum status report.
- Vendors: All 47 vendors have paid for their 2004 booths
- Corporate Sponsors:
- We have commitments from 26 vendors who want to be sponsors next year.
- Twenty-one sponsor fees have been paid. No change from the June report.
- Waiting for payments from Xerox, Verizon, Unisys, Filenet and Sun.
- Forum Attendance: We had 650 attendees register on Tuesday and 237
register on Wednesday for a total of 887. After clean up of the data, we ended
up with 774 registered attendees, 166 were new in that they hadn't registered at
a forum for the past four years. The number of state employees was 665 or 85% of
the total. The following is a breakdown of attendees by classification:
- Developers & Data Administration 261
- Managers 118
- Project Management 89
- Security & Networks 78
- Consulting 37
- Telecom & Wireless 25
- Training 18
- Other 148
- Forum post-event review: Listed are some suggested changes for Forum 2005:
- Use online registration
- Develop a "lead" system to electronically collect names at the door and to
produce attendee name tags.
- Use IPMA gift (portfolio) as a reward for legibly completing the
registration forms.
- Do a better job of inviting the private sector.
- Modify the exhibit floor to encourage attendees to visit the vendor area.
- Add some sessions on "best practices" and "state concerns."
- Reach out to the state Indian tribes.
- Bring in an espresso bar.
- Avoid lunch sessions.
- Stagger start times for breakout sessions.
- Put daily breakout sessions schedule in front of each conference room.
- Try to avoid conflicts with other northwest technology shows.
- Add name and title of speakers to all breakout sessions.
- Sessions should be more technical.
- Provide 6' (not 8') tables for all booths.
- Seek more involvement by ACCIS because of their use of state RFP's .
- Shorten sessions to 45 minutes. (There was a lack of agreement on this
suggestion.)
- Move earlier to sign up keynote speakers.
- Use DOP mailing lists and add a DOP person to the planning committee.
- Stop the over pricing by GES.
- Advertise Forum as a technology show and as a training event.
- Tax Facts flyer from Department of Revenue: The June 2004 Tax Facts notice
state the following: "Special event promoters and vendor verification - SB 6663
(Chapter 253, Laws of 2004) requires that special events promoters make a "good
faith effort" to verify that vendors at their events are registered to do
business with the Department of Revenue. It also requires that such promoters
make a good faith effort to keep and preserve specific vendor information
records for a period of one year from the date of the event. "Effective June 10,
2004." The board directed Phil Coates to work with Jim Andersen to ensure that
we are in compliance for the 2005 Forum.
Communications: No Report
Professional Development: Sheryl Hall presented the following
committee report:
- June 23, 2004, IPMA Seminar Update: "VoIP - Voice Applications on the
Network" with Right! Systems and Seitel Leeds and Associates
- 60 People registered
- 5 cancelled prior to the event
- 45 attended the event, at 11:30 there were approximately 39 present
(expected for this type of event - small target audience.)
- 24 evaluations received
- Ratings were primarily between 4 and 5 $ A few of the comments received:
- Would have liked to have seen some high level examples of Total Cost of
Ownership (TCO) - real experiences.
- Very, very good job!
- This was perhaps the most focused and relevant presentation on IP Telephony
in State Government that I've seen to date.
- Too much jargon
- Great job overall!!
- August 12, 2004, Seminar, "Tools for Managers Faced with Change Management
Issues," is on track.
- Marketing materials will be completed this week
- Will send announcement to Bob Monn next week for posting
- Working with Saint Martin's Catering and Facilities for food menu/setup
- Allen Schmidt and Sheryl met this month to start planning the October
seminar. They will meet again in August to match topics with the 2005 dates
reserved with Saint Martin's for facilities.
- Sheryl also noted that there had been requests from speakers at various
seminars about getting the copies of the attendee lists. The board decided that
consistent with Forum policy, names and mailing addresses could be provided.
However, telephone numbers and/or e-mail addresses will not be provided until an
"opt out" mechanism is developed. This will be a discussion item at the 2005
board planning retreat.
Executive Seminar 2004: Phil Grigg reported that they are on schedule
for this year's Executive Seminar. Thus far there are 30 people registered to
attend. The target is 70. Phil encouraged the board to expedite the
registrations for their respective agencies. He also noted that the registration
isn't official till the payment is received.
Business Planning: No Report
Management Development Program: Dennis Jones distributed and discussed
several high quality handouts that detailed the results of the June 22, 2004
Mid-Manager Focus Group Session.
Purpose: The purpose of this focus group session was to seek input from a
group of IT mid-managers on the development opportunities they need in order to
progress into senior IP leadership positions in the state, and how they would
like those development opportunities packaged and delivered.
In Attendance: Nine mid-managers, two CIO's and two facilitators.
Results: The managers reviewed the "Business Management Competency Framework"
provided by the facilitators and indicated through a show of hands their
interest in having a particular competency area included within the scope of the
proposed manager development program. High scores indicated high interest. Low
scores and interest did not necessarily indicate that the subject was not
important, but rather that it was not needed as part of this proposed program
because it could be easily attained elsewhere, was not something that could be "taught," or should already be a competency of people engaged in the proposed
program. Fifty-seven topic areas were weighted and ranked. The top ten of those
are as follows:
- Organizational transformation (managing cultural change) 92.16%
- Partnering 90.2%
- Negotiating/influencing 90.2%
- Portfolio Management 90.2%
- Networking 88.24%
- Decisiveness 88.24%
- Performance measurement and improvement 88.24%
- External awareness 86.27%
- Labor Relations 86.27%
- Delivering competitive services 86.27%
Other Comments:
Delivery method
- Like the UW Project Manager model
- Some non-academic activities as well like exposure to ISB meetings, CAB
meetings, Governor's Cabinet, Legislative hearings, etc.
- Building personal networks is important
- Extended time frame - don't pack it all in at once (like an extended MBA
program)
- Good instructors and reading lists
- Include some "case studies" - especially related to real-world Washington
experiences.
- Rotational assignments would be very valuable
Who should attend
- Should be nominated and selected. Not self-selected.
- Managers who manage other managers/supervisors
- Progressive experience
- Project managers
- Not just anyone, but those with "potential"
Costs
- Comparable to UW and other programs
- Didn't get much feedback
- Should there be some self-pay to show interest in self-development?
Other Content
- Quality management
- Customer Relationship Management
- Managing "Geeks"
OTHER BUSINESS: None
The next board meeting will be held August 12, 2004, at the Shipwreck Café.
The meeting was adjourned at 8:34 a.m.
Return to Top
IPMA, P.O. Box 1943, Olympia, WA 98507-1943
