The Need for Change Management

Increased security concerns within the IT sector have a direct effect on the number of changes requested (e.g., patch installations to fix vulnerabilities or configuration changes to block an attachment). Very often those changes are planned, driven by security or compliance requirements, the introduction of advanced technologies or other shifts, but sometimes they are driven by urgency when IT systems are under attack.

In any case, the need for proper governance of those incidents cannot be treated as secondary to the security incident itself. In fact, a lack of governance would ultimately result in the interruption or disruption of service, which will impact business processes anyway. Effective governance can be achieved by integrating the security framework with the service management processes. This is quite a general concept, although excellent guidelines already exist. Let me share what I think are the most important practices to consider when designing a service.

Best Practices to Handle Change in Security

1. Managing Reactions Within a Service Management Structure

If the responsibilities of security information and event management (SIEM) are to identify offenses and recommend particular reactions, the best practice is to have the resulting change submitted through a proper change management process. The offense managed via the SIEM has to be transformed into an incident managed with a service desk tool. Change management can be made effective by having clear knowledge of the enterprise configuration. In fact, whether or not the change can be performed depends on the configuration of the various assets involved and on the relationships between them.

2. Risk Management

If the previous section was about mitigating the risk of disruption caused by an unauthorized change, the objective of this section is to analyze the opposite aspect: Managing change must take into consideration the possible effect of a change on the enterprise in terms of security. Changes can sometimes be required in emergency situations, and they would be approved by an emergency review board, so the CISO needs to provide an answer quickly. Having a risk management tool integrated into the SIEM platform makes the integration of service management into the security framework that much more effective.

3. Integrating With Business Service Management

Very often the cost of a security incident is difficult to estimate, particularly if we consider factors such as brand reputation and other long-term impacts. Nevertheless, there are elements that could be easily predicted. This information can be used as the basis for a decision.

What are the elements of the service impacted, and what is the cost of interrupting such a service? If a security incident can be translated into an event to be processed by the business service manager, and if the business manager has visibility into the asset configurations, their relations and the architecture of the service, then it becomes possible to size the impact of an incident and of an eventual violation of a service level agreement. While this is not an element that can be used to understand the cost of the security incident, it is something that can be used to make the proper decision.
