Change is inevitable, change is good, change is painful, and the cliches go on. What happens when change is needed that may offend though?
Watch this video as we discuss the challenges of change.
When processes and access management need changing due to weaknesses in internal controls or pose a threat, these changes can cause resistance, denial, and offense... So how do you work to improve the integrity of your organization's finances, while avoiding offense, friction, and resistance? The behavioral side of change can make or break transitions, not just to avoid security or internal control issues, but across all types of organizational change. In an ideal world, learning to work with those impacted by change can turn resistance into support. Everyone wins.
The first step is to deep dice int the changes being made, these include:
Customizations: how are developer documenting change over the periods being reviewed, and how is this documentation being reviewed from a risk perspective?
For changes that come from the vendor with each patch, what is the impact of not only new functionality, but what changes are being made to our existing configurations?
This last point is critical as we have seen changes made by vendors with each patch, have introduced a high number of changes to the existing security. These changes affect the security, configuration, and other parts of the application that you may not otherwise consider to be impacted by change.
One such example is the change to the security role/group structure, new functionality is added to the delivered groups that you may be using. This is changing the access model, and in turn potentially exposing your users and your organization to unforeseen risk.
Seecuring provides security and access solutions for all of your in-scope applications. Our solutions include:
* Segregation of Duties.
* Sensitive Access.
* User Access Reviews.
* Patch Impact Analysis & Configuration Changes.
If you need help with your security and licensing, get in touch to discuss your needs: