Controlling Patch Management

Jul 12th, 2015
SKTFaker
Category:
Computer Science
Price: $40 USD

Question description

Application

Controlling Patch Management

When analysts performed a root-cause analysis on a sample of recently reported security defects in AAG's software, they were able to determine that many of the problems were due to uncontrolled maintenance and patching of the company's applications. In fact, it appears that the programmers had been writing unvalidated and often defect-laden patches into previously secure applications. Moreover, because of those changes it has been getting harder to keep track of the security status of the organization's entire application portfolio.

As a result of this finding, management has decided to implement a Baseline Management Ledger (BML) as a way to ensure that the major security issues AAG face are properly recorded, prioritized, authorized, assigned, and controlled.

In this Application, you will establish the structure for a BML and explain its use in controlling patches to one of the applications within AAG's Revenue Acquisition Management (RAM) Platform, which is discussed on page 2 of the model case.

Include in the BML format all of the types of information you believe are necessary to understand the precise status of the patches that have been applied to every application in the organization's inventory.

Develop a template that identifies the useful categories of information and provide one set of sample entries that help to illustrate how the template should be completed by those using it. A complete BML would have an entry for each change request, but for this exercise, create only one entry.

Using Word, Excel, or a similar program, construct a form that someone in the IT organization or patch management team would fill out in order to document and track a change request for one of the applications in the AAG RAM Platform. Include categories of information such as:

  • The application this patch affects (including the main application name itself, the module/component name within the system, or a specific function within a component);
  • A convention for a tracking number on the change request (much like a "tracking number" you receive for tracking a shipment);
  • Standard identification for the bug this patch is repairing and information about the bug itself (such as priority, severity, description of the bug's behavior/security risk);
  • The authorizer for this patch release;
  • Designation of the team/person doing the repair work and patch release;
  • Current status;
  • Relationship of this patch/fix to other patches/documented in the BML.

This is by no means an exhaustive list of all trackable items. Remember, the goal is to create a ledger template that would help your IT team understand what has changed with an application (the history as well as changes currently in progress).

Once you have developed your BML, explain your rationale for the types of information you chose to include in the BML in a 2- to 3-page paper. Explain any validation rules you would add to the form if it were developed. For example, you could have free-text entry in some of the fields, a drop-down list with standardized fields, and so on. Also include the business rules you think should apply for using this form: Who is allowed to fill it out? What kind of workflow would you recommend for the review (for example, when you need a change authorized, how does that information get communicated to the authorizer)? How would you make sure the BML stays up-to-date?

Your submission should include your paper and your completed BML form.


Tutor Answer

(Top Tutor) Daniel C.
(997)
School: UT Austin
PREMIUM TUTOR

Studypool has helped 1,244,100 students

7 Reviews


Summary
Quality
Communication
On Time
Value
kpcutie
Dec 3rd, 2016
" Excellent job "
Hemapathy
Nov 19th, 2016
" all I can say is wow very fast work, great work thanks "
BlueOcean
Nov 6th, 2016
" Awesome! Exactly what I wanted. "
kevin12622
Oct 28th, 2016
" Goes above and beyond expectations ! "
ashleyisgod
Oct 14th, 2016
" Top quality work from this guy! I'll be back! "
likeplum4
Oct 5th, 2016
" Excellent work as usual "
Molly_Moon
Sep 22nd, 2016
" AMAZING as always! "
Ask your homework questions. Receive quality answers!

Type your question here (or upload an image)

1830 tutors are online

Brown University





1271 Tutors

California Institute of Technology




2131 Tutors

Carnegie Mellon University




982 Tutors

Columbia University





1256 Tutors

Dartmouth University





2113 Tutors

Emory University





2279 Tutors

Harvard University





599 Tutors

Massachusetts Institute of Technology



2319 Tutors

New York University





1645 Tutors

Notre Dam University





1911 Tutors

Oklahoma University





2122 Tutors

Pennsylvania State University





932 Tutors

Princeton University





1211 Tutors

Stanford University





983 Tutors

University of California





1282 Tutors

Oxford University





123 Tutors

Yale University





2325 Tutors