Change control for rectifying vulnerabilities

Network Box : 21 October, 2009  (Technical Article)
Network Box provides advice as part of its "Forgotten Security" series on how to manage changes effectively when mitigating IT security vulnerabilities
Companies need to have change control procedures in place in order to safely rectify vulnerabilities once they have discovered them, according to new advice from managed security firm, Network Box.

In the third in its 'Forgotten Security' series, Change Control, Network Box advises companies of all sizes to implement a change control process, to ensure that any changes to the network, or to business applications, are made in a controlled, co-ordinated way, and do not lead to security vulnerabilities.

The advisory says that, in an ideal world, the team in charge of change control is separate from the team implementing the change, but in smaller businesses it could be as simple as a formal process you go through with a colleague.

The guide provides ten steps to managing the change control process:

* Restrict authorisation: the fewer people who are permitted to make changes to the system, the less chance of mistakes being made.

* Follow criteria: why is the change needed? What is the impact on the business?

* Evaluate risk: what is the risk involved in making the change?

* Keep records: who requested the change? When and how did they request it?

* Test impact: test the impact of the change on security.

* Plan the change: all teams that will be affected by the change must be informed about when the change will occur, and what the impact will be on their work.

* Build and test: the change needs to be built and tested in a closed environment to minimise disruption to the network.

* Plan-B: have a back-up plan and ensure that the change can be reversed should you get an unexpected result.

* Implementation: keep users aware of when the changes will be rolled out and ensure that they are briefed on what the changes are and how they impact their work.

* Review: was the change worth making? What is the user feedback?

Simon Heron, Internet Security Analyst at Network Box, says: "It's completely understandable that small businesses, many of whom are already pressed for time and resources, think twice about implementing such an intensive process. However, the change control procedure has valuable short and long-term benefits. The requirement of a formal change request is often enough to make people consider whether the change really is as necessary, or as beneficial as they had first thought, and the reduction in errors that the process brings can save the company both time and money in the future."