Joined: Jul 15, 2009 Posts: 41 Location: United States
Posted: Wed Mar 03, 2010 1:07 am Post subject: Sensitive Changes
I'm curious how others out here in the community manage situations like what we recently experienced.
With what has been in the news lately with all the hacking of Fortune 500 companies and propriatary and sensitive information being stolen, our company is taking steps to help secure our data among other efforts.
Because this is rated as confidential (i.e. highly sensitive) and of high risk to the overall organization, our security guys do not want the CAB's to have visibility over this work to ensure any potential security breaches actually are detected rather than closed up without finding the 'holes'.
I'm curious how those in large global organizations manage these types of changes to remove the visibility from CAB but still keep the CM team aprised of the work so any potential incidents resulting from the work can be monitored. We've tossed around the idea of removing it from our FSC but this report is 100% automated and would remove other data needed for the report.
Joined: May 25, 2008 Posts: 413 Location: Sydney, Australia
Posted: Wed Mar 03, 2010 8:40 am Post subject:
Who has access to the CAB documents?
What about confidentiality agreements and (perhaps) security clearances?
The work still has to be scheduled. Are they even unwilling to state the work needs to be done?
Is it possible for the RFCs to only contain high level information, or is the information linked to your CMS?
Just trying to understand..... _________________ DYbeach
ITIL V3 Release, Control & Validation,
ITIL V3 Operation SUpport & Analysis
PMI CAPM (R)
"In times of universal deceit, telling the truth will be a revolutionary act." George Orwell
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum