Post AcwDWs5S4ytAyJZoJ6 by berniework@infosec.exchange
 (DIR) More posts by berniework@infosec.exchange
 (DIR) Post #AcvPJYCngw5zq0T72G by mttaggart@infosec.town
       2023-12-18T06:04:44.717Z
       
       0 likes, 2 repeats
       
       Thinking a lot about change management processes, and how inherent in most of them is the conceit that the change is the risk, as opposed to the status quo. If the objective is protecting system stability, the preservation of status quo may not in fact be the wisest course of action.Of course that's why there is such a thing as an emergency change, but in any given organization's process, is the barrier to access that option unreasonably high? Can the protection of current state end up getting in the way of patching/reconfiguring systems in light of an incipient threat?Put another way, sometimes you want Entmoot, sometimes you need to throw some damn rocks.
       
 (DIR) Post #Acw41E9JcLr6XiDgo4 by FritzAdalis@infosec.exchange
       2023-12-18T12:23:36Z
       
       0 likes, 0 repeats
       
       @mttaggartIf change management is a barrier to change then you're doing it wrong.
       
 (DIR) Post #Acw41Ey0ZsPB4vwAoy by hefty_pegasus@infosec.town
       2023-12-18T12:48:19.114Z
       
       1 likes, 0 repeats
       
       @FritzAdalis @mttaggart Second this. My org has even done a process re-branding to "change enablement." Changes are a necessary part of any healthy IT/Development/Security program.
       
 (DIR) Post #Acw43eOkzlKoX2b8hU by TindrasGrove@infosec.exchange
       2023-12-18T10:44:51Z
       
       1 likes, 0 repeats
       
       @mttaggart …is “what is the risk if we don’t do this?” not a question most people ask???
       
 (DIR) Post #AcwDWs5S4ytAyJZoJ6 by berniework@infosec.exchange
       2023-12-18T15:26:26Z
       
       1 likes, 0 repeats
       
       @mttaggart great call-out of one of those biases/assumptions that is overlooked because it is just part of "how we do things."