Three Levels of Change: The Good, the Bad and the Approved
What I’ve found throughout the years is that the only constant in life is the fact that everything changes and changes frequently. I can’t even get a consistent scenery on my way to work longer than a couple of weeks before something is different!
At the same time, the world of technology is in constant flux whether it’s new technology or updates to automated tools that interact with all sorts of servers or services running throughout an environment. In this sea of changes, how do you know what the important changes are?
I think everyone will agree that tracking changes is nothing but a good thing. But getting inundated with all the noise is a very real possibility. I’m going to therefore define what I view as the three levels of change to help filter through all the white noise to really get down into the action.
Level #1: Is It Approved?
The first level of change will be around if the change is approved. Is the change coming from an expected business process? There are various ways you can determine whether a change is approved.
One of the best ways is to reconcile the changes against an existing change management process by leveraging work already to approve changes, while at the same time validating only approved changes are occurring.
There are other indicators that can be used to know whether a change is part of normal business operations, as well. For instance, you can compare the changes to a manifest from Microsoft for Patch Tuesday. In this instance, if the change matches what is to be expected from a patch, then you know it will be expected and better yet will allow you to capture unexpected changes that happen at the same time as the patching.
Each environment is (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Thomas Keck. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/three-levels-change-good-bad-approved/
