Thomas A. Gerace scite author profile

Cavusoglu

2009

Commun. ACM

Introduction "After the flames from the slammer's attack were doused and the technology industry caught up on its lost sleep, we started asking questions. Why did this happen? Could we have prevented it? What can we do to keep such a thing from happening again?" These are some of the questions that the security industry asks after every major security incident. Today most security incidents are caused by flaws in software, called vulnerabilities. It is estimated that there are as many as 20 flaws per thousand lines of software code. Computer Emergency Response Team/Coordination Center (CERT/CC) statistics reveal that the number of vulnerabilities reported has increased dramatically over the years, from only 171 in 1995 to 8064 in 2006. Along with vulnerabilities, the sophistication of attack tools has also advanced over time. Using the interconnected nature of the Internet and automated attack tools, attackers exploit software vulnerabilities at an alarming rate to cause serious damage to organizations. Although the ultimate solution to fix software vulnerabilities is application of patches, until a few years ago the term "patch management" was not in the general vocabulary of even the most advanced information technology staff. Today, "patch management" is not only in the common vernacular of most IT staff, but it is also one of the most essential responsibilities of IT departments. Security threats stemming from the exploitation of vulnerabilities pose serious risks to corporations, including unauthorized access to systems, corruption or modification of data, and unavailability of system resources to authorized users. Systematically applying patches to vulnerable systems through effective patch management can effectively reduce the number of security lapses. It is estimated that 95% of security breaches could be prevented by keeping systems up-to-date with necessary patches. Though recognized as important for security, many organizations do not have a clear understanding of the elements of patch management and how these elements impact the success of the patch management process.

The critical elements of patch management

Cavusoglu

2005

Only a few years ago, the term "patch management" was not in the general vocabulary of even the most advanced information technology staff. Today, "patch management" is not only in the general vernacular of most IT staff, but it is also one of the more essential responsibilities of IT departments. Security threats stemming from the exploitation of vulnerabilities in software products pose an important problem to corporations, governmental agencies, educational institutions, banking, and many other entities. We can decrease the possibility of security threats by systematically applying patches to software products for which vulnerabilities have been identified.The patch management process is important to all aspects of an institution. The success of the patch management process depends on several critical elements, including senior executive support, identification of vulnerabilities, reporting, testing, and more. All of these elements contribute to the success of an organization's patch management process. This paper discusses the results of a survey of IT professionals which sought to determine the importance of these critical elements in the patch management process. The results of the survey provide insight into how organizations view these elements.

Decentralized and centralized it support at Tulane University

Jean

Krob

2007

The decentralized-versus centralized-computing debate has raged for years; a survey of SIGUCCS papers and presentations from the past 25 years will confirm that fact. A new paradigm is emerging at Tulane University -a collaborative approach in which decentralized IT groups work with central IT to implement university-wide projects.One such project was Tulane's recent successful implementation of Exchange. Key to the success of this major university-wide change was the inclusion of 2 major decentralized computing groups -the Law School and the Business School --as pilot projects. These groups, both from academic departments, brought a new view to the project planning table.This paper describes how this new collaborative approach has worked at Tulane, how it came about, what has worked (and what has not worked), and how such an approach provides a foundation for future benefits.

The changing of the guard: a case study of change in computing

Hartman

Woodruff

et al. 1988

Change, in the context of computing environments, can assume a number of forms, varying widely in nature and degree. At Tulane University, Tulane Computing Services initiated a significant change in the Offtce of the President of the University: the existing system of stand-alone MS-DOS microcomputers was replaced by a Macintosh local area network complete with laser printing, mainframe communications, and shared file access. In this instance, the director of the department (the President of the University) directed that the change take place, and the central computing organization and the President's office staff worked together to accomplish the transition to the new computing environment. The change was effected with minimal disruption to the department's operations. This paper describes the successful implementation of change from one computing environment to another. We discuss the planning and preparation involved in facilitating change, the training and education required for those involved in the change, and the attitudes of the individuals affected by the change. An important component of the process was interviews conducted with those involved. These interviews were conducted in order to determine the factors which influence an individual's attitudes toward change, specifically in the context of computing environments.

Microcomputer support in user services

1986