Joined: Jul 15, 2009 Posts: 42 Location: United States
Posted: Tue Jan 19, 2010 1:33 am Post subject: Detection techniques
We have a perceived (and likely real) issue where changes are being implemented both without logging the work in our tool and without change management authorization. The problem seems to be more of a common place in one or two particular region than others.
I'm curious what types of detection tools you all have in place to monitor this type of activity. Logic would tell me we could put in a 'big brother' type of system but then we would need resources to actively manage and follow up on it. In our current staffing, we have a change team of 2 for a global multi-region organization and just keeping up with the CAB's and approvals is a full time job.
Just to give you some background, we started off 2009 tracking those changes (that were logged) which deviated from the process. We finished out the year with around a 96% compliance rating. On the surface this doesn't sound too bad however when you look at the actual numbers, it's shameful and people need to be smacked.
You're review and feedback on this are most welcome and appreciated!
what kind of changes are you talking about can you be more specific? do you have access restriction in place? or is it a theme park were everyone have rights to do what ever they want? if thats the case then this is where you should be starting. Do you have a realease department? I'm assuming not, cause if you had one wouldnt be facing such problems, unless you got your process from that same park I was talking about earlier
Your looking at the issue from the wrong angle Changeborg, if I correctly understood your issue, then you need to understand what release management is, get it implemented, also get Access measurements in place before you get a serious issue.
TCO _________________ Ali Makahleh
Configuration Management(Blue Badge),
ITILV2 Service Manager(Red Badge),
ITILV3 Expert(Lilac Badge) Certified.
“If you can't describe what you are doing as a process, you don't know what you're doing." W. Edwards Deming.
Last edited by thechosenone69 on Tue Jan 19, 2010 9:34 pm; edited 1 time in total
Joined: Jul 15, 2009 Posts: 42 Location: United States
Posted: Tue Jan 19, 2010 12:53 pm Post subject:
Defined Release process = No
We do have application teams who follow internal release processes but they are very much team centric and follow no true global process. We do have separation of duties but alas this is different than what I am after. As mentioned, we are beginning the process adoption of release from what I hear but at this point, am unsure of it's status or who is running with it.
I would love to have access restrictions in place to prevent unauthorized changes from going in and access granted only when changes are approved to be implemented. I envision the usage of a big brother system that can not only monitor this type of activity but lock it down when breaches are detected.
Joined: Mar 04, 2008 Posts: 1893 Location: Helensburgh
Posted: Tue Jan 19, 2010 6:21 pm Post subject:
Release needs to be under operational control, not development.
Release puts things on the infrastructure and has to be ultimately subject to infrastructure management including change management.
Release management is a service management activity, not an application support activity.
The bit of the release process that the application people contribute is to do with the configuring of the application and providing service management with the information as to the application's infrastructure and operational requirements and characteristics. Service Desk, Capacity Management, Availability Management, Change Management, Operations Management, Infrastructure Management all at the very least need to know about it and need to approve the release from their perspective.
In short ... take it away from the apps people. _________________ "Method goes far to prevent trouble in business: for it makes the task easy, hinders confusion, saves abundance of time, and instructs those that have business depending, both what to do and what to hope."
William Penn 1644-1718
Joined: Sep 16, 2006 Posts: 3475 Location: London, UK
Posted: Tue Jan 19, 2010 6:25 pm Post subject:
1 - get a global policy in place for change and release mgmt
2 - you need to get the individuals who have admin right or equivilent - ie those who can do changes - under control so that you can deal with un'documented' or 'un 'authorized' changes
As for monitoring tools, yes there are monitoring tools - but they all require the following
installation of s/w on device
admin accounts -
the proper use fo the tools requires tighter admin control of sys level accounts _________________ John Hardesty
ITSM Manager's Certificate (Red Badge)
Change Management is POWER & CONTROL. /....evil laughter
Joined: May 08, 2008 Posts: 39 Location: South West
Posted: Fri Jan 22, 2010 12:36 am Post subject:
I'd consider getting support from whomever you have monitoring network activity, logging incidents and using the systems. Whilst detection tools can be very expensive, why don't you make use of the many eyes and ears you already have around the business who will be able to tell you when there are clear marks of suspicious activity around your systems.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum