Cybersecurity is critical to protecting an organization’s infrastructure. Even within the cybersecurity field, several people may be responsible for ensuring an organization’s infrastructure is protected.
Go to Basic Search: Strayer University Online Library to locate and integrate at least two quality, academic resources (in addition to your textbook) on how to apply change management principles to infrastructure protection. You may also use government websites, such as Cybersecurity from the National Institute of Standards and Technology.
Please respond to the following in a post of at least 200 words:
- Explain the purpose of change management and how it applies to infrastructure protection.
- Describe the methods organizations use to determine whether changes have been made to the infrastructure.
- Outline the process to be followed prior to integrating any changes into a production environment.
- Provide full citations and references, formatted according to Strayer Writing Standards.
- For assistance and information, please refer to the Strayer Writing Standards link in the left-hand menu of your course. Check with your professor for any additional instructions.
In 60 to 75 words, please respond to the student’s post below:
Professor and Peers,
Ed here. This week, we are discussing change management and infrastructure. What is it? What is its purpose? How does the change management apply to infrastructure protection? What are the methods organizations use to determine whether changes have been made to the infrastructure? And what is the process to be followed prior to integrating any changes into a production environment? These and much more are issues we are going to be tackling.
What is change management?
I see change management as a set of strategies, processes, and procedures. Companies use it to manage organizational changes. It helps the transition go smoothly.
What is the purpose of change management?
The purpose of change management, I would assume, is to ensure that standardized methods, processes, and procedures are used for all changes, facilitate efficient and prompt handling of changes, and maintain the proper balance between the need for change and the potential detrimental impact it can cause.
How does change management apply to infrastructure protection?
A mere view can tell us, professor and peers, that changes happen frequently. New security patches come out that must be installed, new versions of existing software are issued, new software is added, network changes are made, assets are replaced, and new assets are introduced. The list goes on and on. Every time a cyber system or asset is changed, the potential exists for one or more cyber security controls to be negatively affected. This makes configuration change management one of the most important parts of the critical infrastructure protection program. When changes to one or more cyber systems or assets are made, configuration change management is responsible for maintaining the desired cyber security posture. And from CISA, i.e., the cybersecurity & infrastructure security agency, we are told that Our Nation’s well-being relies upon secure and resilient critical infrastructure—the assets, systems, and networks that underpin American society. The National Infrastructure Protection Plan (NIPP) (NIPP 2013): Partnering for Critical Infrastructure Security and Resilience—outlines how government and private sector participants in the critical infrastructure community work together to manage risks and achieve security and resilience outcomes.
What are the methods organizations use to determine whether changes have been made to the infrastructure?
In my reasoning, organizations have to examine their current policies, procedures, work processes and equipment to find out how long those particular items have been in place. If they have been used for quite a certain amount of time, then the organization should consider making changes to reflect current technology, trends and cultural/societal changes. To put it another way, professor and peers, projects and programs by their very nature cause change.
What is the process to be followed prior to integrating any changes into a production environment?
Several approaches are out there, but I would consider the following steps as the process to be followed prior to integrating any changes into a production environment:
- Requirements gathering
- Architecture design
- Systems integration design
I think, this covers the required discussion points for the week.