SINGAPORE, 22 OCTOBER 2009 - International managed security services company Network Box (NBL), has released the third part of its ‘Forgotten Security’ series, Change Control. The security firm advises companies to have change control procedures in place so that they can safely rectify vulnerabilities as soon as they are discovered.
The change procedures should not be implemented only by the industry heavyweights and is recommended for companies of all sizes. A change control process ensures that any changes to the network, or to business applications, are made in a controlled, co-ordinated way. Companies following this advice have lower susceptibility towards security vulnerabilities.
How to manage the change control process
Network Box recommends separating the team in charge of change control from the team implementing the change. But business processes are different for smaller companies and both steps are often completed by the same team.
“It’s completely understandable that small businesses, many of whom are already pressed for time and resources, think twice about implementing such an intensive process,” said Simon Heron, Internet security analyst at Network Box. “However, the change control procedure has valuable short and long-term benefits. The requirement of a formal change request is often enough to make people consider whether the change really is as necessary, or as beneficial as they had first thought, and the reduction in errors that the process brings can save the company both time and money in the future.”
The research firm suggests companies follow a ten-step guide to manage the change control process. These steps are:
- Restrict authorisation: allowing fewer people to make changes reduces chance of mistakes.
- Follow criteria: tells you the reason why change is important and its impact on the business.
- Evaluate risk: risks associated with the decision to change.
- Keep records of people who requested the change.
- Test impact of the change on security.
- Plan the change and involve employees.
- Build and test the change in a closed environment to minimise disruption to the network.
- Have a back-up plan ready.
- Planned implementation and
- Review of the entire process.
“One of the many benefits of a formal change request is more efficient and effective security,” said chief technology officer for Network Box, Mark Webb-Johnson. “When the network is optimised, business continuity increases and the probability of business downtime is drastically reduced or even eliminated. This further translates into more client trust and better business profitability.”
