Chapter 1
What Else Do You Need to Know?
Plenty--and I'll explain it all in the next seven chapters. My goal is to provide you with a
complete, detailed description of every aspect of change management. I'll also provide tips for
creating your own process and fitting it to your environment.
Network Change Management and Stability
In Chapter 2, I'll start by describing the effect that change management can have on business
performance. I'll look at a couple of short case studies from my consulting practice in which
change management had a definite impact on the business' overall stability. I'll also outline the
steps for creating a formal process for change, including:
· Reviewing and approving proposed changes
· Prioritizing change
· Assigning and compensating for risk
· Monitoring pending changes
· Documenting and archiving changes
I'll also talk about rollback, the process of undoing a change that caused problems. Even with the
most rigorous change-management process, it is possible for your changes to go awry; perhaps
there were factors outside your control that you didn't account for or a bug in a device's
firmware reared its ugly head. Regardless, any good change-management process will include a
process for backing out of a change and restoring things to working order as quickly as possible.
Network Change Management and Security
How can network change management affect network security? Any unplanned change is a
security incident. Even changes that have been authorized but not yet planned for are a security
problem. Without a change-management process in place, you'll never know when unauthorized
changes occur--and even with a solid plan in place, you will still need to prepare an incident
response.
Fortunately, change-management processes can be supported by a variety of tools that provide
for real-time monitoring and logging of changes, instant rollback to undo unauthorized changes,
and detailed auditing to track changes made on network devices.
I can't stress enough the importance of bringing security to network management. Government
regulations--such as the Health Insurance Portability and Accountability Act (HIPAA), CFR 21
Part 11, and the Gramm-Leach-Bliley Act--all place an incredible burden on specific industries
to maintain secure, accountable environments. Companies in these industries spend literally
millions of dollars coming into compliance with the laws, and don't often realize the gaping
vulnerability that their network management practices can represent.
16
Summary :
I'll also outline the steps for creating a formal process for change, including: · Reviewing and approving proposed changes · Prioritizing change · Assigning and compensating for risk · Monitoring pending changes · Documenting and archiving changes I'll also talk about rollback, the process of undoing a change that caused problems. Fortunately, change-management processes can be supported by a variety of tools that provide for real-time monitoring and logging of changes, instant rollback to undo unauthorized changes, and detailed auditing to track changes made on network devices.
Tags :
changes,management,process,network,ill,security,changemanagement,place,een,proide,need,stability,deices