There is an ever increasing cyber threat that vulnerabilities in infrastructure and software can cause serious business impact such as service outages, fraud, ransom and data loss.

One of the main ways to address this is by ensuring infrastructure and software is up to date and regularly patched as newer versions and patches address known security vulnerabilities.

While there are sound patching processes in place for operating systems and we have an annual process to review all end of life infrastructure and software components, there is a lack of patching on Middleware components.

Middleware, in the context of this project, covers the strata of software components that support the application layer. For example, this covers Application and Web server software, Software libraries and frameworks, Databases systems, Message brokers and print / file services. It excludes Operating Systems and Network components.

This project will not execute patching for all middleware components, but will review them all and establish a patching strategy for each one. Where patching can be executed very simply this will be covered by the project.

The creation of this project is driven by the need to counteract security vulnerabilities. However, it should be noted that the patching process created will cover all kinds of patches, not just those related to security.

The scope of this project is to undertake the following activities:

  • Create a Middleware Patching Register. The patching register must clearly define all Middleware components in-scope.  
  • Create a patching strategy for each in-scope entry on the patch register. Patching strategies may be grouped together into classes.  
  • Create and/or compile a set of technical patching instructions for selected in-scope entries.  
  • Execute a selection of patches.  
  • Handover of patching register and associated collateral to production mgmt. Ensure the Middleware patching process is incorporated into business-as-usual production mgmt processes.

AP89-020

 

RfC : C1907-030

Current project status

Report Date RAG Budget Effort Completed Effort to complete
August 2019 BLUE 34.0 days 34.0 days 0.0

Project Info

Project
Middleware Patching Process
Code
INF140
Programme
ISG - IS Applications Infrastructure (INF)
Management Office
ISG PMO
Project Manager
Karen Stirling
Project Sponsor
Stefan Kaempf
Current Stage
Close
Status
Closed
Project Classification
Run
Start Date
22-Oct-2018
Planning Date
14-Nov-2018
Delivery Date
19-Jul-2019
Close Date
02-Aug-2019
Programme Priority
4
Overall Priority
Normal
Category
Compliance

Documentation

Project Dashboard

Project journal

No entries found.

Change dashboard

Nothing to report.