Educause Security Discussion mailing list archives
Re: Firewall Changes through Change Management
From: "Menne, Michael S" <000002306ce3cd04-dmarc-request () LISTSERV EDUCAUSE EDU>
Date: Tue, 4 May 2021 14:49:53 +0000
Change Management is mostly a communication and documentation function for us. It’s an advisory body and not necessarily an approval body. We have Emergency, Informational, Normal, and Standard Changes. Changes that are performed frequently with known risks (usually low risk) and outcomes can be processed as Standard changes. Standard changes for us require no approval by the CAB and can be performed with a 24 hour notice. Standard Changes have to be proposed as a Standard Change and are voted on by the CAB through the Normal Change process. Informational changes are changes outside of our control (example: Office 365 changes that may have a significant impact on our users). Firewall changes that are routine and low risk could be a Standard Change in our environment. Standard Changes are templated so they can be submitted quickly. We hold CAB meetings twice a week. Standard changes are reviewed, but not discussed in detail or voted on. Michael Menne, CISSP Chief Information Security Officer IT Solutions Information Security Minnesota State University, Mankato Phone: (507) 389-5705 Cell: (507) 405-0717 https://mankato.mnsu.edu/cyberaware [signature_1415841060] Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "Kimmitt, Jonathan" <jonathan-kimmitt () UTULSA EDU> Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> Date: Tuesday, May 4, 2021 at 9:42 AM To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Firewall Changes through Change Management Hi all, We are in discussions of how to include border firewall changes in the change management process….. Whether to require change management for any rule changes, and conduct during our weekly maintenance windows….. or open it up and allow changes anytime during the week as is requested by Networking/Systems…. I was curious to how other .edu’s do it in their environments? -Jonathan ~ Jonathan Kimmitt CISSP, FIP, CDPSE, CIPP/E, CIPM, CIPT, OTCP,GLEG, GPEN, GSNA, PCIP, CEH Chief Information Security Officer Information Technology The University of Tulsa jonathan-kimmitt () utulsa edu 918.631.2743 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cmichael.menne%40MNSU.EDU%7C34086a31bc824bed537208d90f0ad973%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C637557361539342092%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=QU8POF79Q%2FcbunE0I%2FkRHBpTOofN0fO3oWcmHpk9KGU%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Firewall Changes through Change Management Kimmitt, Jonathan (May 04)
- Re: Firewall Changes through Change Management Francisco Chavez (May 04)
- Re: Firewall Changes through Change Management Mattehew Prescott (May 04)
- Re: Firewall Changes through Change Management Bryan McClenahan (May 04)
- Re: Firewall Changes through Change Management King, Ronald A. (May 04)
- Re: Firewall Changes through Change Management Kimmitt, Jonathan (May 04)
- <Possible follow-ups>
- Re: Firewall Changes through Change Management Menne, Michael S (May 04)