Security
Environmental Impact Analysis
Change control is about notification, identifying affected systems and informing concerned parties, bringing the knowledge of others into the loop to avoid problems. It is secondarily an historical record. (What happened recently to cause this anomalous behavior?) And thus helps to identify previously unknown dependencies.The problems here are determining what systems are affected and who needs to know. Determining the former should determine the latter, but that's not always apparent.
Generally, in analyzing the business practice before writing a change control application, great thought is given to who has to approve the changes, usually from a budgetary and chain-of-command perspective, on the assumption that a manager can more effectively assess the impact of a potential outage. Some thought might be given to a security assessment. Little thought is given to developing a dependancy tree — and so many concerned parties are left uninformed.
9:33:29 AM # Google It!
categories: Security, System Administration