September 29, 2015 By Domenico Raguseo 2 min read

The Need for Change Management

The increase in security concerns within the IT sector has a direct consequence on the number of changes requested (e.g., patch installations to solve vulnerabilities or configuration changes to block an attachment). Very often those changes are planned, driven by security or compliance requirements, the introduction of advanced technologies or other shifts, but sometimes the changes are driven by urgency when IT systems are under attack.

In any case, the need for proper governance of those incidents cannot be of secondary importance when compared with a security incident. In fact, the lack of governance would ultimately result in the interruption or disruption of service, which will impact business processes anyway. Effective governance can be achieved by integrating the security framework with the service management processes. This is quite a general concept, although it is possible to find excellent existing guidelines. Let me share what I think are the most important practices to consider when designing a service.

Best Practices to Handle Change in Security

1. Managing Reactions Within a Service Management Structure

If the responsibilities of security information and event management (SIEM) are to identify offenses and recommend particular reactions, the best practice is to have the change submitted within a proper change management process. The offense managed via the SIEM has to be transformed into an incident managed with a service desk tool. Change management can be made effective by having clear knowledge of the enterprise configuration. In fact, whether the change can be performed or not depends on the configuration of the various assets involved and the relationships between them.

2. Risk Management

If the previous section was about mitigating the risk of disruption caused by an unauthorized change, the objective of this section is to analyze the opposite aspect: Managing change must take into consideration the possible effect of a change on the enterprise in terms of security. Changes can sometimes be required in emergency situations, and they would be approved by an emergency review board, so the CISO needs to provide an answer quickly. Having a risk management tool integrated into the SIEM platform makes the integration of service management into the security framework that much more effective.

3. Integrating With Business Service Management

Very often the cost of a security incident is difficult to estimate, particularly if we consider factors such as brand reputation and other long-term impacts. Nevertheless, there are elements that could be easily predicted. This information can be used as the basis for a decision.

What are the elements of the service impacted, and what is the cost of interrupting such a service? If a security incident can be translated into an event to be processed by the business service manager, and if the business manager has visibility into the asset configurations, their relations and the architecture of the service, it becomes possible to size the impact of an incident and the eventual violation of a service level agreement. While this is not an element that can be used to understand the cost of the security incident, it is something that can be used to make the proper decision.
