Updating of security procedures policy
Server updates shall be done by a qualified and authorized system administrator.
Updates for servers shall be checked no less than monthly to determine whether any new updates to any computer system components are required.
Policy management is one of the most thankless (yet crucially important) tasks in security.
There is no glory in writing, maintaining, and communicating policies.
and so on. You have to change as exploits and issues are found, just like in life.
You walk down the street, there's a hole in the road: do you jump it, ignoring it, or change your path to avoid it? Change is a part of life, as in all things...
If the database system is small, the database administrator may have the responsibilities of the security administrator.
Policies must be current with relevant legislation and regulations, and it’s a good idea to have them reviewed by a lawyer periodically.
For small organizations that do not have these resources, one technique is to watch email groups like NTBugtraq to find out what problems other organizations may be having with the patch. The disadvantage is that you may need to wait a little longer before applying the patch, which may slightly increase the time your organization is vulnerable. If an automatic update ability is available, it should be compared to the listing of posted updates to be sure it is accurate. It is recommended that new patches be tested in a controlled environment that mimics the infrastructure of the production environment before patches are applied.