Search
Topics
  Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· FAQ
· Feedback
· Forums
· Search
· Statistics
· Surveys
· Top
· Topics
· Web Links
· Your_Account

Current Membership

Latest: CCavill
New Today: 131
New Yesterday: 154
Overall: 131029

People Online:
Visitors: 71
Members: 6
Total: 77 .

Languages
Select Interface Language:


Major ITIL Portals
For general information and resources, ITIL and ITSM World is the most well known for both ITIL and ITIL Books. A shorter snapshot approach can be found at ITIL Zone

Related Resources
Service related resources
Service Level Agreement
Outsourcing

Note: ® ITIL is a registered trademark of OGC. This portal is totally independent and is in no way related to them. See our Feedback Page for more information.


The Itil Community Forum: Forums

ITIL :: View topic - Detection techniques
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Detection techniques

 
Post new topic   Reply to topic    ITIL Forum Index -> Change Management
View previous topic :: View next topic  
Author Message
changeborg
Itiler


Joined: Jul 15, 2009
Posts: 40
Location: United States

PostPosted: Tue Jan 19, 2010 1:33 am    Post subject: Detection techniques Reply with quote

We have a perceived (and likely real) issue where changes are being implemented both without logging the work in our tool and without change management authorization. The problem seems to be more of a common place in one or two particular region than others.

I'm curious what types of detection tools you all have in place to monitor this type of activity. Logic would tell me we could put in a 'big brother' type of system but then we would need resources to actively manage and follow up on it. In our current staffing, we have a change team of 2 for a global multi-region organization and just keeping up with the CAB's and approvals is a full time job.

Just to give you some background, we started off 2009 tracking those changes (that were logged) which deviated from the process. We finished out the year with around a 96% compliance rating. On the surface this doesn't sound too bad however when you look at the actual numbers, it's shameful and people need to be smacked.

You're review and feedback on this are most welcome and appreciated!
Back to top
View user's profile
thechosenone69
Senior Itiler


Joined: Jun 06, 2007
Posts: 268

PostPosted: Tue Jan 19, 2010 2:22 am    Post subject: Reply with quote

Hidden camera's (dirty smirk).

Changeborg?

what kind of changes are you talking about can you be more specific? do you have access restriction in place? or is it a theme park were everyone have rights to do what ever they want? if thats the case then this is where you should be starting. Do you have a realease department? I'm assuming not, cause if you had one wouldnt be facing such problems, unless you got your process from that same park I was talking about earlier Smile

Your looking at the issue from the wrong angle Changeborg, if I correctly understood your issue, then you need to understand what release management is, get it implemented, also get Access measurements in place before you get a serious issue.

Regards,

TCO
_________________
Ali Makahleh
Configuration Management(Blue Badge),
ITILV2 Service Manager(Red Badge),
ITILV3 Expert(Lilac Badge) Certified.

“If you can't describe what you are doing as a process, you don't know what you're doing." W. Edwards Deming.


Last edited by thechosenone69 on Tue Jan 19, 2010 9:34 pm; edited 1 time in total
Back to top
View user's profile
UKVIKING
Senior Itiler


Joined: Sep 16, 2006
Posts: 3256
Location: London, UK

PostPosted: Tue Jan 19, 2010 3:21 am    Post subject: Reply with quote

CB

As TCO you have a different issue


Access rights, passwords for admin acccounts, periodic changes to password

is more where you need to look

for example: if this is application code deployment, then who has sudo right and apps password

if this is system work, who had domain admin, system admin
_________________
John Hardesty
ITSM Manager's Certificate (Red Badge)

Change Management is POWER & CONTROL. /....evil laughter
Back to top
View user's profile
changeborg
Itiler


Joined: Jul 15, 2009
Posts: 40
Location: United States

PostPosted: Tue Jan 19, 2010 12:53 pm    Post subject: Reply with quote

Defined Release process = No

We do have application teams who follow internal release processes but they are very much team centric and follow no true global process. We do have separation of duties but alas this is different than what I am after. As mentioned, we are beginning the process adoption of release from what I hear but at this point, am unsure of it's status or who is running with it.

I would love to have access restrictions in place to prevent unauthorized changes from going in and access granted only when changes are approved to be implemented. I envision the usage of a big brother system that can not only monitor this type of activity but lock it down when breaches are detected.
Back to top
View user's profile
Diarmid
Senior Itiler


Joined: Mar 04, 2008
Posts: 1884
Location: Newcastle-under-Lyme

PostPosted: Tue Jan 19, 2010 6:21 pm    Post subject: Reply with quote

Release needs to be under operational control, not development.

Release puts things on the infrastructure and has to be ultimately subject to infrastructure management including change management.

Release management is a service management activity, not an application support activity.

The bit of the release process that the application people contribute is to do with the configuring of the application and providing service management with the information as to the application's infrastructure and operational requirements and characteristics. Service Desk, Capacity Management, Availability Management, Change Management, Operations Management, Infrastructure Management all at the very least need to know about it and need to approve the release from their perspective.

In short ... take it away from the apps people.
_________________
"Method goes far to prevent trouble in business: for it makes the task easy, hinders confusion, saves abundance of time, and instructs those that have business depending, both what to do and what to hope."
William Penn 1644-1718
Back to top
View user's profile Send e-mail
UKVIKING
Senior Itiler


Joined: Sep 16, 2006
Posts: 3256
Location: London, UK

PostPosted: Tue Jan 19, 2010 6:25 pm    Post subject: Reply with quote

CB

1 - get a global policy in place for change and release mgmt
2 - you need to get the individuals who have admin right or equivilent - ie those who can do changes - under control so that you can deal with un'documented' or 'un 'authorized' changes

As for monitoring tools, yes there are monitoring tools - but they all require the following

installation of s/w on device
admin accounts -

the proper use fo the tools requires tighter admin control of sys level accounts
_________________
John Hardesty
ITSM Manager's Certificate (Red Badge)

Change Management is POWER & CONTROL. /....evil laughter
Back to top
View user's profile
kinger
Itiler


Joined: May 08, 2008
Posts: 39
Location: South West

PostPosted: Fri Jan 22, 2010 12:36 am    Post subject: Reply with quote

I'd consider getting support from whomever you have monitoring network activity, logging incidents and using the systems. Whilst detection tools can be very expensive, why don't you make use of the many eyes and ears you already have around the business who will be able to tell you when there are clear marks of suspicious activity around your systems.
Back to top
View user's profile MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    ITIL Forum Index -> Change Management All times are GMT + 10 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.8 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops © 2003 http://www.nukecops.com

Forums ©

 

Logos/trademarks property of respective owner. Comments property of poster. Rest © 2004 Itil Community for Service Management & Foundation Certification. SV
Site source copyright (c)2003, and is Free Software under the GNU / GPL licence. All Rights Are Reserved.