Search
Topics
  Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· FAQ
· Feedback
· Forums
· Search
· Statistics
· Surveys
· Top
· Topics
· Web Links
· Your_Account

Current Membership

Latest: Pinoshkaa1955
New Today: 11
New Yesterday: 43
Overall: 146520

People Online:
Visitors: 46
Members: 1
Total: 47 .

Languages
Select Interface Language:


Major ITIL Portals
For general information and resources, ITIL and ITSM World is the most well known for both ITIL and ITIL Books. A shorter snapshot approach can be found at ITIL Zone

Related Resources
Service related resources
Service Level Agreement
Outsourcing

Note: ITIL is a registered trademark of OGC. This portal is totally independent and is in no way related to them. See our Feedback Page for more information.


The Itil Community Forum: Forums

ITIL :: View topic - Indentifying Changes without detective software
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Indentifying Changes without detective software

 
Post new topic   Reply to topic    ITIL Forum Index -> Change Management
View previous topic :: View next topic  
Author Message
mmallory
Newbie
Newbie


Joined: Sep 04, 2007
Posts: 2

PostPosted: Tue Oct 30, 2007 6:09 am    Post subject: Indentifying Changes without detective software Reply with quote

I'm not sure how to phrase this question correctly so please excuse me if it doesn't make sense.

In my current company we have a Change Management process that has been established for a number of years. In understanding more of the ITIL world over the past year, what we currently have is by no means perfect, or even really that good. But it is a process that is followed by most groups in my org.

In reading some whitepapers of identifying changes, I have seen many graphs that talk about the Change Management maturity level, currently I believe my company to be in the "On Your Honor" level - There is a process, you should follow it. But there is no real ramifications if you don't and we really won't know if you follow it or not anyway. - In an effort to change this somewhat I am stuck with the question of: How can you identify unauthorized changed, without using Tripwire, or other related software?

Tripwire has been a hot topic at our company and there have been a few projects to implement it on a larger scale, but these have been postponed due to financial constraints. While I understand that Tripwire, or other detective controls are extremely powerful, I am wondering if there are other methods for indentifying changes that, while may be more time consuming, are something that might be quciker to implement, and gain some short term benefit.

So question for the masses: Other than software, what other methods can I employ to help in identifying unauthorized changes to my environments, so that I can better understand where to improve my processes?

Thanks in advance for your responses.

Matt
Stuck in Change Management Limbo
Back to top
View user's profile
pac666
Itiler


Joined: Sep 15, 2006
Posts: 22

PostPosted: Tue Oct 30, 2007 11:03 pm    Post subject: Reply with quote

Service Desk incidents often prove a good pointer to an unauthorised change. The biggest cause of incidents is change. If you dig deeper into an incident that you cannot relate to a change then you may well find an unauthorised change.

Other sources:

Word of mouth etc is a surprisingly effective tool! (keep your ear to the ground)

Minutes of Meetings (discussing changes you haven't heard about!)

If you have a CMDB any inconsistencies with the real world could be caused by unauthorised change (or failure to update CMDB)

Physical and Electronic audits of the infrastructure against what is documented.

Hope these help, but yes I agree to be effective you really need a tool.
Back to top
View user's profile Send e-mail
llondra
Newbie
Newbie


Joined: Jul 25, 2007
Posts: 7

PostPosted: Wed Oct 31, 2007 3:44 am    Post subject: Reply with quote

Reboot reports.
Back to top
View user's profile
Timo
Senior Itiler


Joined: Oct 26, 2007
Posts: 295
Location: Calgary, Canada

PostPosted: Sat Nov 03, 2007 1:18 am    Post subject: Reply with quote

Agreed with the previous posters. Without either automated tools or people in place to conduct audits, your other options would be to keep your ears open. That might be a bit hard if you work in a large or even medium size company.

In my last place of employment we've had somewhat similar situation although most changes have been logged in the ticketing app. However, there was no formal approval or review process and consequenlty for the most part it all reduced down to the 'Honor system'. Which, as you may have figured did not work out great. Not because people are dishonest, but because as a creator of change you tend to think that it's perfect Wink

Anyway, my approach would be to start soliciting equally minded individuals from different team to start monitor any changes that happen in their respective groups. You're still not going to catch every unauthorized change, however, you will get a clearer picture as to what's going on.

If the overall goal is to get rid of such changes, there is no way you can do it without changing your Change Management process to ensure proper roles and procedures are in place to exersice control of the process.

Sorry, my answer might be a bit vague, but it is kind of hard to answer definitively without having enough detail on the issue.

Cheers,

Michael
Back to top
View user's profile
Timo
Senior Itiler


Joined: Oct 26, 2007
Posts: 295
Location: Calgary, Canada

PostPosted: Sat Nov 03, 2007 2:28 am    Post subject: Reply with quote

Agreed with the previous posters. Without either automated tools or people in place to conduct audits, your other options would be to keep your ears open. That might be a bit hard if you work in a large or even medium size company.

In my last place of employment we've had somewhat similar situation although most changes have been logged in the ticketing app. However, there was no formal approval or review process and consequenlty for the most part it all reduced down to the 'Honor system'. Which, as you may have figured did not work out great. Not because people are dishonest, but because as a creator of change you tend to think that it's perfect Wink

Anyway, my approach would be to start soliciting equally minded individuals from different team to start monitor any changes that happen in their respective groups. You're still not going to catch every unauthorized change, however, you will get a clearer picture as to what's going on.

If the overall goal is to get rid of such changes, there is no way you can do it without changing your Change Management process to ensure proper roles and procedures are in place to exersice control of the process.

Sorry, my answer might be a bit vague, but it is kind of hard to answer definitively without having enough detail on the issue.

Cheers,

Michael
Back to top
View user's profile
tolman101
Itiler


Joined: Sep 26, 2005
Posts: 44
Location: Sweden

PostPosted: Tue Nov 06, 2007 6:42 am    Post subject: Reply with quote

Hi,

"How can you identify unauthorized changes, without using Tripwire, or other related software?". This is a very valid question but if you manage to answer it you will only get an idea of how many unauthorized changes there are, which leads to another question of what the organizational response will be to unauthorized changes so as to minimize them in the future.

Instead you could just skip the middle man and suppose its 50% unauthorized changes. If you don't have the money or time to buy tools or rumage around in incident records, my advice would be to ask another question "why would people not follow change management?"

Brainstorm this and then give it some attention.

Hope this helps.
Back to top
View user's profile
Display posts from previous:   
Post new topic   Reply to topic    ITIL Forum Index -> Change Management All times are GMT + 10 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.8 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops 2003 http://www.nukecops.com

Forums ©

 

Logos/trademarks property of respective owner. Comments property of poster. Rest 2004 Itil Community for Service Management & Foundation Certification. SV
Site source copyright (c)2003, and is Free Software under the GNU / GPL licence. All Rights Are Reserved.