Been there too. Got the t-shirt and everything myself several times over
a 38 year career.
Mark Jacobs
John McKown <mailto:john.archie.mck...@gmail.com>
August 2, 2017 at 8:42 AM
​Hum, around here when I "poke my nose in where it doesn't belong", it
tends to get whacked. My immediate manager is well aware of what is going
on. I am sure that he has let his manager know. It has most likely been
"risk assessed and accepted"​.
​-​
-
Veni, Vidi, VISA: I came, I saw, I did a little shopping.
Maranatha! <><
John McKown
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Please be alert for any emails that may ask you for login information
or directs you to login via a link. If you believe this message is a
phish or aren't sure whether this message is trustworthy, please send
the original message as an attachment to 'phish...@timeinc.com'.
Timothy Sipples <mailto:sipp...@sg.ibm.com>
August 2, 2017 at 3:52 AM
It is your job, too. You just write (yes write) something like:
- - - -
August 2, 2017
Dear (My Manager):
I would like to make you aware that we are no longer receiving
security-related and other patches for the following software products and
release levels that are in productive use, as of the dates indicated:
z/OS Version 1.12 2014-09-30
CICS Transaction Server Version 3.2 2015-12-31
DB2 for z/OS Version 9.1 2014-06-27
Without security patches, and without an ongoing preventive maintenance
program to apply them, there is a growing risk of breaches. We are also
running software products that will receive security updates only for the
next 12 months or less. I can provide those details upon request.
If you have any questions, please let me know. Thanks.
(My Signature)
- - - -
That's it. You've provided the factual information, in writing (which
could
be electronic), and your manager decides what to do or not to do. If
you've
already done that, great. If there's a material update to provide, to keep
management reasonably well informed, please do.
Just apply a "reasonable care" standard and tell your manager, that's all.
If you're a secretary at an electric company, walking along the park one
sunny afternoon, and you see a couple people trying to steal a utility
pole, "not my job" doesn't wash. You call the police, and you tell your
boss. Likewise, if somebody has left the door open to the utility pole
depot, you ring up your company's security desk and tell them. Whether
they
do anything or not is indeed *their* job, but you can observe and notify,
too.
--------------------------------------------------------------------------------------------------------
Timothy Sipples
IT Architect Executive, Industry Solutions, IBM z Systems, AP/GCG/MEA
E-Mail: sipp...@sg.ibm.com
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Please be alert for any emails that may ask you for login information
or directs you to login via a link. If you believe this message is a
phish or aren't sure whether this message is trustworthy, please send
the original message as an attachment to 'phish...@timeinc.com'.
--
Mark Jacobs
Time Customer Service
Global Technology Services
The standard you walk past is the standard you accept.
Lt. Gen. David Morrison
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN