Believe it or not, we are down to our final metrics post! We’re going to close things out today with change management – something that isn’t specific to security, but comes with security implications.

Our change management process is:

  1. Monitor
  2. Schedule and Prepare
  3. Alter
  4. Verify
  5. Document

Monitor

Variable Notes
Time to gather change requests
Time to evaluate each change request for security implications

Schedule and Prepare

Variable Notes
Time to map request to specific actions/scripts
Time to update change management system
Time to schedule downtime/maintenance window and communicate

Alter

Variable Notes
Time to implement change request

Verify

Variable Notes
Time to test and verify changes

Document

Variable Notes
Time to document changes
Time to archive scripts or backups

Other Posts in Project Quant for Database Security

  1. An Open Metrics Model for Database Security: Project Quant for Databases
  2. Database Security: Process Framework
  3. Database Security: Planning
  4. Database Security: Planning, Part 2
  5. Database Security: Discover and Assess Databases, Apps, Data
  6. Database Security: Patch
  7. Database Security: Configure
  8. Database Security: Restrict Access
  9. Database Security: Shield
  10. Database Security: Database Activity Monitoring
  11. Database Security: Audit
  12. Database Security: Database Activity Blocking
  13. Database Security: Encryption
  14. Database Security: Data Masking
  15. Database Security: Web App Firewalls
  16. Database Security: Configuration Management
  17. Database Security: Patch Management
  18. Database Security: Change Management
  19. DB Quant: Planning Metrics, Part 1
  20. DB Quant: Planning Metrics, Part 2
  21. DB Quant: Planning Metrics, Part 3
  22. DB Quant: Planning Metrics, Part 4
  23. DB Quant: Discovery Metrics, Part 1, Enumerate Databases
  24. DB Quant: Discovery Metrics, Part 2, Identify Apps
  25. DB Quant: Discovery Metrics, Part 3, Config and Vulnerability Assessment
  26. DB Quant: Discovery Metrics, Part 4, Access and Authorization
  27. DB Quant: Secure Metrics, Part 1, Patch
  28. DB Quant: Secure Metrics, Part 2, Configure
  29. DB Quant: Secure Metrics, Part 3, Restrict Access
  30. DB Quant: Monitoring Metrics: Part 1, Database Activity Monitoring
  31. DB Quant: Monitoring Metrics, Part 2, Audit
  32. DB Quant: Protect Metrics, Part 1, DAM Blocking
  33. DB Quant: Protect Metrics, Part 2, Encryption
  34. DB Quant: Protect Metrics, Part 3, Masking
  35. DB Quant: Protect Metrics, Part 4, WAF
Share: