Change Configuration, Release, and Patch Management


Time
7 hours 15 minutes
Difficulty
Intermediate
CEU/CPE
8
Video Transcription
00:00
>> Hello and welcome back to our next lesson,
00:00
change, configuration, release, and patch management.
00:00
In this lesson we'll cover what change control is,
00:00
what patch management is,
00:00
what release management is,
00:00
and the different types of
00:00
releases you're likely to come across.
00:00
Let's begin. Change controls.
00:00
Basically, change control is
00:00
essentially the management of changes
00:00
into production environments.
00:00
Complex IT systems and their hardware,
00:00
they need to change
00:00
periodically for updates or new functionality,
00:00
but the complexity requires
00:00
this change to be managed fairly carefully.
00:00
This needs to cover all assets, software and hardware.
00:00
New equipment or new software needs to be
00:00
managed into the environment to ensure
00:00
that users are aware of what's going on,
00:00
and also it doesn't create any issues
00:00
for the business processes that
00:00
rely on this infrastructure.
00:00
In change control, there's
00:00
a couple of associated procedures.
00:00
One is obviously communication.
00:00
Users and stakeholders need
00:00
to know when change is occurring.
00:00
There also needs to be the updates and maintenance of
00:00
documentation surrounding the system.
00:00
Job preparation and scheduling.
00:00
If you're in that environment,
00:00
needs to be managed.
00:00
Any testing and also risk management
00:00
needs to be a very key aspect of change control.
00:00
That's risk management of,
00:00
in terms of risks introduced into
00:00
the system from the perspective of the change,
00:00
but also business risks so that if the change takes place
00:00
in the middle of a busy period for the organization,
00:00
that is also a risk that needs to be considered.
00:00
Patch management is basically the acquisition, testing,
00:00
installing of patches on an administered computer system.
00:00
It basically ensures that the software
00:00
is up-to-date, functioning correctly,
00:00
and also, importantly, it mitigates any security risks.
00:00
Now patching can either be automated or manual.
00:00
In other words, for very large systems,
00:00
patches can be pushed out from a central location on
00:00
an automatic schedule and this can be
00:00
viewed as part of change management itself,
00:00
because technically it is a change to the system.
00:00
A few things with patch management.
00:00
There needs to be understanding
00:00
of the knowledge of the available patches.
00:00
Now certainly with systems such as Microsoft,
00:00
they will release patches on a very regular basis,
00:00
but some systems may be
00:00
a little bit more ad hoc than that.
00:00
An understanding of exactly what
00:00
patches exist for your systems needs to be maintained.
00:00
There also needs to be a decision on
00:00
the appropriateness of a patch.
00:00
For example, a patch may come out that
00:00
patches functionality that's just
00:00
not used in your system,
00:00
in which case that may have
00:00
a negative impact on the operation of the software.
00:00
You need to look at it as to whether it's
00:00
suitable for the environment and actually
00:00
is mitigating risks that
00:00
may be faced in your environment.
00:00
There needs to be proper installation and testing.
00:00
Patches need to be put down often in
00:00
a test or a development environment first to
00:00
sort of see what impact they have
00:00
on the use of the system within your environment.
00:00
Of course, as with everything,
00:00
documentation needs to be maintained.
00:00
Now, release management is basically a process
00:00
through which software is made available to users.
00:00
What release can be,
00:00
it is change management,
00:00
but it can be basically
00:00
a collection of authorized changes.
00:00
Maybe one or multiple changes, for example,
00:00
upgrading from a major version to a new major version.
00:00
Planning for releases needs to
00:00
be some agreement of what's actually in the release,
00:00
the strategy for releasing it into production,
00:00
which takes into account the business needs of
00:00
the organization and the schedule of the release.
00:00
This will usually encompass
00:00
some product improvement or problem resolution.
00:00
Release management will address
00:00
issues that have been identified in
00:00
the system through other IT service management elements.
00:00
Now there are three main release types.
00:00
A major release, this will be moving from
00:00
one version to a brand new version.
00:00
This will have potentially new functionality,
00:00
new interface, significant impact
00:00
upon what the user sees in the system.
00:00
This will often come with
00:00
significant communication or potentially even training.
00:00
Minor releases, now these can be
00:00
potentially totally transparent to the users.
00:00
They may not necessarily see
00:00
any difference to the system itself,
00:00
but they patch some underlying code
00:00
or they basically may change
00:00
some particular feature that is working
00:00
underneath the surface to
00:00
the user. And an emergency release.
00:00
This can often be a case of a number of
00:00
critical security patches have been released and they
00:00
need to be rolled out into the organization as soon
00:00
as possible to mitigate actual clear and present risks.
00:00
That's the end of our lesson. We've covered
00:00
a little bit on change control, patch management,
00:00
release management and the differences
00:00
between those three and also some of
00:00
the similarities and the different release types
00:00
that you're likely to encounter.
00:00
We hope you enjoyed the lesson
00:00
and I will see you at the next one.