Change Management Plans for IT Systems in Organizations


In the world of information technology, nothing stays the same for very long. Change is inevitable, and all organizations must change with the times. An organization that lacks the ability to change will be left behind. In information technology, when an organization does not change, it leaves itself vulnerable to attacks by hackers and criminals. A change management plan helps an organization
Figure out new ways to penetrate into systems. As the organization grows. One is a list of all scheduled authorized changes. The second is a list of all unauthorized changes. The third is: what are the consequences and ramifications for the person who made those unauthorized changes? Gene Kim: http://www.cert.org/podcast/show/20061114kim.htm
The chief security officer's (CSO) role is to develop, test, and maintain the change management plans. The CSO is also responsible for integrating third-party software by analyzing the type of impact it will have on the organization when it is implemented. The CSO must also provide oversight by “monitoring and enforcing change management plans.” Small changes may “negatively affect your organization's security posture by creating vulnerabilities or weakening security controls.” (http://tychousa12.umuc.edu/cgi-bin/id/CDI/index.pl?class=1309:CSIA413:7982&module=3&default=M3-Module_3%2FS1-Overview.html)
Change management is not a one-person job; it requires a team of experienced personnel who come together to implement a process. They work under the CSO's guidance and should be responsible for implementing changes and preventing unauthorized changes to the information security systems. In some organizations the “CSO and chief information security officer (CISO), with a separation of duties between facilities and personnel security, as well as between information security and information technology (IT) security.” (Allen and Westby, 2007, p. 2) When an organization has both a CSO and a CISO, they share the responsibility for developing, testing, and maintaining the change management plan. In a large organization it might be necessary to implement separation of duties, so that the CSO and the CISO cannot take advantage of the system. This can also minimize the impact if the organization were to lose its CSO or CISO.
Some large organizations use change advisory boards, which are responsible for working requests for change through the change management process. The benefit of using this type of change management is that the board can provide guidance on how to process change. When a change does not meet the specific criteria, it does not make it to the person who approves the changes. This eliminates the need to review requests for changes that are not worthy of consideration.
