Access "Integrated change management reduces security risks"
This article is part of the November 2009 issue of How to implement a change management that works and reduces security risks
Networks and data centers are in constant flux. In large organizations, it's rare for a day to go by where we don't need to provision new servers or users, upgrade critical systems, patch databases, change firewall rules or update Web applications. But while change is a natural and necessary part of network growth, unmanaged change can quickly lead to chaos that exposes critical data and resources to attack. To prevent exposure, change management systems and procedures are implemented to help companies ensure that policies and approvals are met before a change to the system is implemented. But simply putting a change management process in place is not sufficient. As Pete Lindstrom, research director of Spire Security explains, "If you are creating a change management process because you don't want anything to change, you are missing the point." Rigid, poorly implemented change management processes can be perceived as gating factors covered in red tape that slow growth and impede work. Done correctly, change management integrates seamlessly into the ... Access >>>
Premium Content for Free.
Messaging security risks have upper hand on solutions
Spam, phishing and infected attachments continue to plague messaging platforms, despite sophisticated protection. What's the answer?
Enterprises must treat Insider risk as they do external threats
Enterprises can no longer differentiate between insiders and external threats. That's such a 2003 paradigm.
- Messaging security risks have upper hand on solutions
Metasploit Project acquisition ups ante for penetration testing market
Rapid7's acquisition of the Metasploit Project takes down one of the few remaining open source security projects. But expect a smooth transition; there have been many success stories and mistakes made to learn from.
Integrated change management reduces security risks
by Diana Kelley and Ed Moyle
Unmanaged changes to IT systems and networks can recklessly increase risk to enterprises. The key is rolling out an accepted change management process, and sticking to it.
- Metasploit Project acquisition ups ante for penetration testing market
Time is now for pandemic flu planning
Safeguarding your organization against a H1N1 outbreak should be a top priority.
Schneier-Ranum Face-Off: Is antivirus dead?
Security experts Bruce Schneier and Marcus Ranum debate the longterm viability of antivirus software.
Standards compliance does not equal sound information security risk management
The checklist approach to security is easy, but the result is poor security.
- Time is now for pandemic flu planning
More Premium Content Accessible For Free
Application security policy after Heartbleed
Enterprises leverage open source software for the perceived quality of the code, but the Heartbleed flaw has made many question their use of ...
Devising a security strategy for the modern network
The network of today's enterprise is larger and more diverse than ever, which means there's more for hackers to attack. So as enterprises update ...
The big data challenge: What's in store for NoSQL security
In the rush to capitalize on big data, many companies forget that developing an ecosystem of structured and unstructured data means higher risk of ...