8 steps for an effective change management process smartsheet

Student one:

To answer the first question:

Security Administration is a vital part of a company’s security. They are the key to its planning, designing, implementing, and monitoring. Before even setting the team, it has to be decided exactly what kind of information is the company looking to protect; what’s its level of security (is it just personal – credit card info or top-secret – government secrets) Once decided that the security team is needed, and it always is, each member of the team will be given a certain task so all of the responsibility doesn’t fall on one person with the Security Administrator heading the group. As stated in Chapter 6, “The the primary task of an organization’s security administration team is to control access to systems or resources.” (Kim, 2013) This means that the team is responsible for which employees will get onto the network and access certain applications and which ones won’t. The Security Admin and team deal with the four areas of Access control. The first being Identification or the ability to have credentials provided to validate their authentication, Authorization or the ability to provide the users who have permission to be on the system the ability to do so. Authentication or the ability of the user to prove they are who they say they are and the most important, Accountability or the ability to keep track by the use of logs what is happening on the system and who was using it at that time.

To answer the second question:

As a company grows and becomes more productive, their security measures also need to change. It’s important as this growth takes place to always go over the present security policies to see what needs updating and what can stay the same. One effect is to realize that a company’s needs will change. When setting up any security policy, it’s important to realize it’s not a one time deal but something that will need to be addressed over and over as time goes on. The next thing is to discuss what needs to be done with the upper-level management and those who will be part of any upgrades. Communication is very important and all those involved needs to be kept a part of any changes made. The next step will be to set up the plan of what the changes will be and how they’ll be done, what will need to change and what won’t. Once all of that is done, the biggest step is to set the changes into motion. This may also come with the need to train employees on these new procedures so they know what they’re supposed to be doing. The last is to keep records of the new changes to see what is working for the company and what isn’t. Advantages to change management range from helping the company function better in helping them keep up and hopefully bypass their competitors. The disadvantages come when the SA doesn’t have a good grasp of what the company is all about. Not knowing what needs to be protected will give way to the security being short of what it should be. Another disadvantage comes when the SA doesn’t follow up on the procedures but rather just lets everything sit without knowing whether or not it worked out. This can lead the system to be open to attack if there are still vulnerabilities aren’t taken care of.