September 29, 2015, by Domenico Raguseo

The Need for Change Management

The increased security concerns within the IT sector have a direct consequence on the number of changes requested (e.g., patch installations to solve vulnerabilities, configuration changes to block an attachment, etc.). Very often those changes are planned, driven by security or compliance requirements, the introduction of advanced technologies or other shifts, but sometimes the changes are driven by urgency when IT systems are under attack.

In any case, the need for proper governance of those incidents cannot be of secondary importance when compared with a security incident. In fact, the lack of governance would ultimately result in the interruption or disruption of service, which will impact business processes anyway. Effective governance can be achieved by integrating the security framework with the service management processes. This is quite a general concept, although excellent guidelines already exist. Let me share what I think are the most important practices to consider when designing a service.

Best Practices to Handle Change in Security

1. Managing Reactions Within a Service Management Structure

If the responsibilities of security information and event management (SIEM) are to identify offenses and recommend particular reactions, the best practice is to have the resulting change submitted within a proper change management process. The offense managed via the SIEM has to be transformed into an incident managed with a service desk tool. Change management can be effective when there is clear knowledge of the enterprise configuration. In fact, whether the change can be performed or not depends on the configuration of, and the relationships between, the various assets involved.

2. Risk Management

If the previous section was about mitigating the risk of disruption caused by an unauthorized change, the objective of this section is to analyze the opposite aspect: Managing change must take into consideration the possible effect of a change on the enterprise in terms of security. Changes can sometimes be required in emergency situations, and they would be approved by an emergency review board, so the CISO needs to provide an answer quickly. Having a risk management tool integrated into the SIEM platform makes the integration of service management into the security framework that much more effective.

3. Integrating With Business Service Management

Very often the cost of a security incident is difficult to estimate, particularly if we consider factors such as brand reputation and other long-term impacts. Nevertheless, there are elements that could be easily predicted. This information can be used as the basis for a decision.

What are the elements of the service impacted, and what is the cost of interrupting such a service? If a security incident can be translated into an event to be processed by the business service manager, and if the business manager has visibility into the asset configurations, their relations and the architecture of the service, then the impact of an incident and the possible violation of a service level agreement can be sized. While this is not an element that can be used to understand the cost of the security incident, it is something that can be used to make the proper decision.
