Through 2015, 80% of outages impacting mission-critical services will be caused by people and process issues, and more than 50% of those outages will be caused by change/configuration/release integration and hand-off issues.¹

Ronni J. Colville and George Spafford

6.1 WHY MANAGING CHANGE IS IMPORTANT

The only one who likes change is a baby with a dirty diaper. So says a popular adage often cited by technology wonks. Nonetheless, change is a very good thing when managed properly. In your business, change brings you new capabilities, better efficiencies, and creative new ways of doing things. Change erases poor processes rife with wasteful steps, eliminates toxic leadership, and retires substandard products. Thus, change can be a very good thing.

Change also can introduce significant risk to you and your organization. In fact, periods of change are where most risk is introduced. Changes in personnel, process, and products represent great risk to you and your business. You need to be keenly aware of change and be prepared to manage it as part of your risk management process.

Your risk environment is complicated. You and your organization face an ever-evolving threat landscape replete with increasingly sophisticated cyber threats and malicious bad actors. Attacks can range from cyber “weapons of mass disruption” such as distributed denial of service (DDoS) attacks and zombie infestations up to and including finely tuned, exquisitely researched, and implemented ...