There may also be shops that have internal controls, procedures, and/or
audit requirements that allow security updates but not necessarily any other
updates without rigorous review & testing. Having a separate security group
lets them get those updates without scouring all PTF cover letters looking
for just security-related events.

Also, in my experience auditors have rarely questioned the application of
Windows updates but have almost always asked why we put on Cumes and
Groups. Unfair treatment IMO but at least with the sec PTF group you can
say, "these address security problems (just like the monthly MS updates)."

On Mon, Jun 1, 2009 at 10:15 AM, <rob@xxxxxxxxx> wrote:

For people who subscribe to this list perhaps? You and I care about
Hiper. (Even though every other month is still my policy.) People who do
security but not admin (if there are any in our world :-)) may not give a
rip about hiper (if it ain't broke...) but security may grab their
attention.

Of course now downloading the latest security patch every other week
really doesn't sound good... Sounds more like some other software...

Now there are people on the other side of the fence. Those who believe
that a hiper ptf better really fit the acronym. Otherwise they may feel
that a minor security patch may create more problems than it fixes. (Like
if something was missed in the lab but may be found in the world.) Much
like the "if it ain't broke don't fix it" mentality again.

Rob Berendt
--
Group Dekko Services, LLC
Dept 01.073
Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From:
lbolhuis@xxxxxxxxxx
To:
Security Administration on the AS400 / iSeries <security400@xxxxxxxxxxxx>
Cc:
security400@xxxxxxxxxxxx, security400-bounces@xxxxxxxxxxxx
Date:
06/01/2009 09:48 AM
Subject:
Re: [Security400] New 6.1 security group ptf.
Sent by:
security400-bounces@xxxxxxxxxxxx



Then why not stuff it into the HIPER group which is already every other
week???

I will ask appropriate peoples.....

- L



Larry Bolhuis IBM Certified Advanced Technical Expert:
Vice President System i Solutions
Arbor Solutions, Inc. IBM Certified Systems Expert:
1345 Monroe NW Suite 259 System i Technical Design and Implementation
V6R1
Grand Rapids, MI 49505
(616) 451-2500
(616) 451-2571 - Fax
(616) 260-4746 - Cell
(Embedded image moved to file: pic14181.gif)

If you can read this, thank a teacher....and since it's in English,
thank
a soldier.




rob@xxxxxxxxx
Sent by:
security400-bounc To

es@xxxxxxxxxxxx <security400@xxxxxxxxxxxx>
cc


06/01/2009 09:40 Subject

AM [Security400] New 6.1 security
group ptf.

Please respond to
Security
Administration on
the AS400 /
iSeries
<security400@midr
ange.com>






New 6.1 security group ptf. Starting sometime in July they plan on
pushing this out every other week.

http://www-933.ibm.com/eserver/support/fixes/fixcentral/fixdetails?enableOrder=Y&fixid=SF99608&myns=i610&mync=R



Rob Berendt
--
Group Dekko Services, LLC
Dept 01.073
Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com


_______________________________________________
This is the Security Administration on the AS400 / iSeries (Security400)
mailing list
To post a message email: Security400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/security400
or email: Security400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/security400.



_______________________________________________
This is the Security Administration on the AS400 / iSeries (Security400)
mailing list
To post a message email: Security400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/security400
or email: Security400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/security400.





This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2020 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].