Change Management And Infrastructure

at
Categories
Tags

 

Cybersecurity is critical to protecting an organization’s infrastructure. Even within the cybersecurity field, several people may be responsible for ensuring an organization’s infrastructure is protected.

Go to Basic Search: Strayer University Online Library to locate and integrate at least two quality, academic resources (in addition to your textbook) on how to apply change management principles to infrastructure protection. You may also use government websites, such as CybersecurityLinks to an external site. from the National Institute of Standards and Technology.

Explain the purpose of change management and how it applies to infrastructure protection.
Describe the methods organizations use to determine whether changes have been made to the infrastructure.
Outline the process to be followed prior to integrating any changes into a production environment.
Provide full citations and references, formatted according to Strayer Writing Standards.
This course requires the use of Strayer Writing Standards (SWS). The library is your home

 

Sample Solution

Cybersecurity is paramount for safeguarding an organization’s critical infrastructure. However, implementing security measures often involves changes to existing systems and processes. Here’s how change management principles are vital for ensuring effective and secure infrastructure protection.

Purpose of Change Management

Change management is a structured approach for planning, implementing, and monitoring changes within an organization ([Clemente & Gonzalez-Miranda, 2020]). It aims to minimize disruptions, ensure user adoption, and mitigate potential risks associated with change ([Project Management Institute, 2017]). In the context of cybersecurity, this translates to implementing security controls and updates with minimal disruption to core operations while also minimizing the window of vulnerability during the change process.

Detecting Changes in Infrastructure

Several methods can help organizations determine if unauthorized changes have been made to their infrastructure. These include:

  • File Integrity Monitoring (FIM): This technology continuously monitors critical system files for unauthorized modifications, alerting security teams to potential tampering attempts ([National Institute of Standards and Technology, 2023]).
  • Configuration Management (CM): This approach utilizes tools to track and document the desired configuration state of systems. Deviations from this baseline configuration can indicate unauthorized changes ([Chen et al., 2011]).
  • Security Information and Event Management (SIEM): SIEM systems aggregate logs from various security tools, providing a centralized view of security events. These logs can be analyzed for anomalies that may suggest unauthorized configuration changes. ([Security Information and Event Management (SIEM), 2023])

Change Integration Process for Production Environments

Integrating changes into a production environment requires a well-defined process to minimize security risks. Here’s a typical outline:

  1. Change Request and Approval: A formal request outlining the proposed change, justification, and potential impact is submitted for review and approval by a designated change management committee.
  2. Impact Assessment: The potential impact of the change on security, performance, and user experience is thoroughly evaluated.
  3. Testing and Validation: The proposed change is tested in a non-production environment to identify and address any issues before deployment.
  4. Change Implementation: The change is implemented in the production environment with a rollback plan in place in case of unforeseen problems.
  5. Post-Implementation Review: The impact of the change is monitored and reviewed to ensure it meets the desired outcomes and identify any unintended consequences.

This question has been answered.

Get Answer