{"id":180,"date":"2014-03-29T16:54:56","date_gmt":"2014-03-29T16:54:56","guid":{"rendered":"http:\/\/itiltopia.com\/?p=180"},"modified":"2014-03-30T00:23:39","modified_gmt":"2014-03-30T00:23:39","slug":"are-full-scans-of-servers-a-change","status":"publish","type":"post","link":"http:\/\/itiltopia.com\/?p=180","title":{"rendered":"Are Full Scans of Servers a Change?"},"content":{"rendered":"<div class=\"source\">From the <a href=\"http:\/\/www.itilcommunity.com\/modules.php?name=Forums&amp;file=viewtopic&amp;t=3131&amp;highlight\">ITIL Community Forum<\/a><\/div>\n<div class=\"question\"><span class=\"label\">Q:<\/span><\/p>\n<p>There has been some recent discussion in my organizations on how to handle vulnerability scanning against production devices.\u00a0 While agents have been installed on all the target devices, my security group would like to run quarterly vulnerability scans.<\/p>\n<p>The issue at hand is how to handle this request.\u00a0 Most people I have spoken to have agreed that &#8220;scanning&#8221; a server is not a change.\u00a0 It has been argued that it is an operational task.\u00a0 However, we have identified the risk that scans can impact production servers by impacting performance.\u00a0 Because of this risk of impact, some people would like to classify the scanning event as a change.<\/p>\n<p>The risk that we have of classifying the vulnerability scanning event, is that it would set precedence for similar type of events.\u00a0 For example, we could start getting into the business of managing Virus Scans, Altiris Discovery, Hardware\/Software Discovery, and other planned operation that may affect service levels as a change.\u00a0 It has been argued that this is not a platform for change.<\/p>\n<p>If that is the case, what is the best way to handle it?\u00a0 Or, how do you handle similar type of events which have known impact, requires approval and notification, but does not fall into an ITIL definition of a change?<\/p>\n<\/div>\n<div class=\"answer\"><span class=\"label\">A:<\/span><\/p>\n<p>Whether or not this is a Change is dependent on how you have structured the data in the CMDB. The implemented Change record should be the driver to update a state or attribute of a CI in the CMDB. If you are tracking &#8220;Last Scan Date&#8221; in the CMDB, then yes, the Scan would update that field. In which case, it should be handled as a Change request.<\/p>\n<p>Personally, I wouldn&#8217;t track that level of detail in a CMDB since it adds little value to my managing the inter-relationships of the IT infrastructure.<\/p>\n<p>What it sounds like you should be doing is opening an Incident. Remember that an Incident isn&#8217;t just an outage. It is any event outside the normal operation of a Service that causes, or may cause, an interruption or degradation in quality of that Service.<\/p>\n<p>The scan sounds like an event that is outside the normal operation of a scanned device that might cause a degradation in the quality of the Service reliant on that device.<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>From the ITIL Community Forum Q: There has been some recent discussion in my organizations on how to handle vulnerability scanning against production devices.\u00a0 While agents have been installed on all the target devices, my security group would like to run quarterly vulnerability scans. The issue at hand is how to handle this request.\u00a0 Most &hellip;<br \/><a href=\"http:\/\/itiltopia.com\/?p=180\">Read more <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[5,8],"tags":[],"jetpack_featured_media_url":"","jetpack_publicize_connections":[],"_links":{"self":[{"href":"http:\/\/itiltopia.com\/index.php?rest_route=\/wp\/v2\/posts\/180"}],"collection":[{"href":"http:\/\/itiltopia.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/itiltopia.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/itiltopia.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/itiltopia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=180"}],"version-history":[{"count":2,"href":"http:\/\/itiltopia.com\/index.php?rest_route=\/wp\/v2\/posts\/180\/revisions"}],"predecessor-version":[{"id":251,"href":"http:\/\/itiltopia.com\/index.php?rest_route=\/wp\/v2\/posts\/180\/revisions\/251"}],"wp:attachment":[{"href":"http:\/\/itiltopia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=180"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/itiltopia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=180"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/itiltopia.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=180"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}