Life As Techies

Continue, In the previous article, discussed about flow change management process and the supporting elements to properly implement change management in initial phase. Furthermore, this article will focusing on the supporting document and what kind of the information that will be used as a legal document to ask permission to implement changes in the system.

Continue, In the last article, already discuss about the advantages of using Service Catalogue and CMDB in change management process. To remind, both of them are use to record all services used in the enterprise and to define which CI ( Configuration Items ) used to support existing services. For this article, it will be focusing to discuss process and the supporting element which required to apply change management in the enterprise.

Continue, In the previous article, I already define the advantages and references that can be used for Change Management process, in this article it will focusing on what the important parameters used to ensure enablement and supporting Change Management to be applied in your enterprise.

Background Have business activity of your enterprise suddenly disturbed caused by IT problem? And the internal didn't know what causing it. Everyone become busy to check their own job and sometimes pointing fingers to others is the best solutions to save their own seat. That's the reality. To find the root cause of the problem is one thing, but to recover the system from disturbance is the mandatory. Usually when the system already recover, finding the root cause might be forgotten by the internal because they return to their daily activities. Or might be the root cause become another long list mystery to be unsolved. Why it can be happen? because there's no change management properly applied in the enterprise. They can't track every changes that might affect to the enterprise.

Background From the previous article, I already define what do you need to plan before start to utilize NGWF box. Set of requirements must be clearly define, be documented and be approved by internal team. This process should be define as mandatory because this will be come internal justification and evaluation in the future. For example, if there's an audit activity which focusing on this area then the enterprise could safe their spot when auditor questioning their decision. So start documenting your activities! Back to business, do the enterprise need to enable all features in single box firewall / divided into specific security devices solutions?

Background Having an Firewall to securing perimeter gateway in enterprise network is a mandatory requirement nowday. Without it, enterprise will have vulnerabilities that might be exposed to external and would be increasing possibility security incidents occur that impact to enterprise business activity. Enterprise should be aware of this security risks. When everything transforming become digital, existence of information classification start from lowest (public) to highest (confidential) should be define by enterprise. Every single information that invaluable could be very valuable especially by unauthorized persons. Accessing to information classification should be limited only to authorized person only. This is one of the firewall role.