Question

1. How and why business changes affect policies?

2. Why are configuration management and change management necessary?

3. In the following table, enter a number in the Answers column for each role that matches its appropriate description. A role may have more than one correct description.

Roles	Answers	Descriptions
Compliance Liaison Security Administration Team Incident response team Outsources security firm		Works with each department to ensure it understands, implements and monitors compliance. Works closely with an outside firm to make sure both agree to specific security requirements. Protects sensitive data in the event of natural disasters and equipment failure, among other potential emergencies. Handles the planning, design, implementation, and monitoring of the organization’s security program. Controls access to systems or resources.

Need to match these descriptions to the Roles that can apply to. A role can have more than one description.

Answer 1

1. There are some internal and external factors due to which changes in business and its policies takes place.

Some factors are as follows:

a. The Economy- If customers lose their jobs then buyers will spend less or limit their wants due to which business runners has to make a strategy which can deal with such situations.

b. Performance Gaps- If their are some performance gaps due to which company was not able to meet its goals so it needs to be change immediately in order to achieve its goals and objective and earn profits.

c. New Technology- For smooth working every business needs to upgrade its technology timely.

d. Identification of opportunities- Opportunities are identifies in the market place that the organisation needs to pursue in order to increase its competitiveness.

e. Organisational Culture- Entities can attempt to change their culture, including management and leadership styles, values and beliefs of all the things organisation can change, this is by far the most difficult to undertake.

2. Configuration Management System- Configuration Control focuses on the specifications of both the deliverables and the processes. It is a process of defining configurable items (product, services, result and component) and controlling changes to such items.

Configuration Management is necessary to

a. Identify the configurable items.

b. Record and prepare a report for all configurable items.

c. Verify and conduct an audit of all configurations are as per the requirement.

Change Management System- Change control focuses on identifying, documenting and controlling changes to the project and project baselines.

Change Management is necessary to

a. Identify the changes

b. Prepare a proper documentation for the changes.

c. Review, analyze and make a decision for the change request.

d. Make sure that request is implemented, registered and communicated.

3.

Roles	Answers	Descriptions
Compliance Liaison	1	Works with each department to ensure it understands, implements and monitors compliance.
Security Administration Team	2	Works closely with an outside firm to make sure both agree to specific security requirements.
Incident response team	3	Protects sensitive data in the event of natural disasters and equipment failure, among other potential emergencies.
Outsources security firm	2	Handles the planning, design, implementation, and monitoring of the organization’s security program.
	4	Controls access to systems or resources.

Answer 2

1. Business changes can have a significant impact on policies. When a business undergoes changes such as expansion, reorganization, or technological advancements, it often necessitates a review and revision of existing policies. The reasons for this are:

• Alignment with new objectives: Business changes may require a realignment of objectives and strategies. Policies need to be updated to ensure they support and reflect the new direction and goals of the organization.

• Compliance with regulations and laws: Changes in the business environment, industry regulations, or legal requirements may necessitate updates to policies to ensure compliance. This helps the organization avoid legal issues and potential penalties.

• Adaptation to new processes and technologies: Business changes often involve the adoption of new processes, systems, or technologies. Policies need to be revised to address the specific requirements and guidelines associated with these changes, ensuring efficient and secure operations.

• Mitigation of risks: Changes in the business landscape can introduce new risks or modify existing ones. Policies need to be reviewed and adjusted to address these risks and establish appropriate controls and protocols to mitigate them.

2. Configuration management and change management are necessary in organizations for the following reasons:

• Configuration management: Configuration management is the process of systematically managing and documenting the characteristics and changes of a system or infrastructure. It is essential because it provides:

• Control and consistency: Configuration management ensures that systems, software, and infrastructure components are consistently configured and maintained in a controlled manner. This helps avoid configuration drift, unauthorized changes, and inconsistencies that can lead to operational issues or security vulnerabilities.

• Effective troubleshooting and maintenance: With proper configuration management, organizations can accurately track and manage the configuration of various components. This enables efficient troubleshooting, faster resolution of issues, and streamlined maintenance processes.

• Change control: Configuration management provides a foundation for change control by establishing a baseline configuration and documenting approved changes. This ensures that changes are implemented in a controlled manner, reducing the risk of errors or disruptions.

• Change management: Change management is the process of planning, implementing, and controlling changes in an organization. It is necessary because it offers:

• Minimization of disruptions: Change management ensures that changes are carefully planned, communicated, and executed to minimize disruptions to operations. It considers potential impacts, dependencies, and risks associated with changes, allowing organizations to implement them in a controlled manner.

• Stakeholder engagement: Change management involves engaging stakeholders, such as employees, customers, and suppliers, to gain their support and manage expectations. This fosters a smoother transition during periods of change and helps address any resistance or concerns.

• Continuous improvement: Change management promotes a culture of continuous improvement by encouraging organizations to regularly assess and update their processes, systems, and practices. It allows for the incorporation of feedback, lessons learned, and industry best practices to drive positive change and enhance organizational performance.

3. Matching the descriptions to the roles:

• Compliance Liaison: Works with each department to ensure it understands, implements, and monitors compliance.

• Security Administration Team: Handles the planning, design, implementation, and monitoring of the organization's security program.

• Incident response team: Protects sensitive data in the event of natural disasters and equipment failure, among other potential emergencies.

• Outsources security firm: Works closely with an outside firm to make sure both agree to specific security requirements.

• Controls access to systems or resources: This description can apply to both the Compliance Liaison and the Security Administration Team roles, as they are involved in ensuring proper access controls and enforcing security policies.

Please note that the specific roles and their descriptions may vary depending on the organization and its structure.