Improving Security with ITIL: Change Management
IT infrastructure is dynamic and keeping up with business requirements means we have to be pretty agile when it comes to configuring, redeploying and managing software and hardware assets. ITIL takes this problem head on by addressing change management.
Change management can be reduced to 5 key processes:
• Planning – managers and system administrators need to plan roles and responsibilities, establish policies for change management and create a centralized configuration management database (CMDB).
• Identifying assets – we need to keep a detailed inventory of the assets, both hardware and software; the information should be tracked in the CMDB.
• Establishing controls on the CMDB – the asset inventory in the CMDB is the basis for streamlining management, which in turn supports better security. Keep the CMDB locked down and update it using only established and tested procedures.
• Monitoring the status of assets. Automation is critical here; log files can grow too quickly to analyze without tools for identifying significant events.
• Auditing change management procedures to make sure they are followed.
In addition to the 5 processes, change management in any but the smallest organizations is going to require a centralized repository, the CMDB. The CMDB tracks information on configuration items (CIs). Each CI entry should track:
• Technical data about the item, like hardware description, version numbers, serial numbers, etc.
• Organization information, such as who owns the asset, who manages it, and documentation on the asset.
• Relationship data about how the asset fits with other assets.
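The CI fields and the monitoring step described above can be combined into an automated check that compares a scan of live assets with the CMDB and uses relationship data to show which dependent assets a discrepancy touches. This Python code is an added example, not part of the original post; the record layout, asset names and scan data are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class CI:
    ci_id: str
    technical: dict                 # version numbers, serial numbers, etc.
    owner: str                      # organizational data: who owns the asset
    manager: str                    # organizational data: who manages it
    depends_on: list = field(default_factory=list)  # relationship data

def impacted(cmdb, ci_id):
    """Return CIs that depend, directly or transitively, on ci_id."""
    hit, stack = set(), [ci_id]
    while stack:
        cur = stack.pop()
        for other in cmdb.values():
            if cur in other.depends_on and other.ci_id not in hit:
                hit.add(other.ci_id)
                stack.append(other.ci_id)
    return sorted(hit)

def audit(cmdb, observed):
    """Compare scanned asset state with the CMDB and report discrepancies."""
    findings = []
    for ci_id, facts in observed.items():
        ci = cmdb.get(ci_id)
        if ci is None:              # asset exists but was never registered
            findings.append((ci_id, "untracked asset", []))
            continue
        drift = sorted(k for k, v in facts.items() if ci.technical.get(k) != v)
        if drift:                   # changed outside the CMDB update procedure
            findings.append((ci_id, "drift: " + ", ".join(drift), impacted(cmdb, ci_id)))
    for ci_id in cmdb.keys() - observed.keys():
        findings.append((ci_id, "missing from scan", impacted(cmdb, ci_id)))
    return sorted(findings, key=lambda f: f[0])

# Constructed sample data (hypothetical assets, not from the original post).
CMDB = {
    "db01": CI("db01", {"version": "12.4", "serial": "SN-1001"}, "finance", "dba-team"),
    "app01": CI("app01", {"version": "3.2", "serial": "SN-1002"}, "finance", "app-team", ["db01"]),
    "web01": CI("web01", {"version": "2.4", "serial": "SN-1003"}, "marketing", "web-team", ["app01"]),
}
OBSERVED = {
    "db01": {"version": "12.5", "serial": "SN-1001"},    # version differs from CMDB
    "app01": {"version": "3.2", "serial": "SN-1002"},
    "rogue7": {"version": "1.0", "serial": "SN-9999"},   # not in the CMDB at all
}

if __name__ == "__main__":
    for ci_id, issue, affects in audit(CMDB, OBSERVED):
        print(f"{ci_id}: {issue}; dependents affected: {affects or 'none'}")
```
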
For more on change management, see the ITIL main site as well as The Definitive Guide to Enterprise Change Management and The Definitive Guide to Service Oriented Systems Management.



