Fundamentals of Information Systems Security, 4th Edition

The Change Management Process

It is common to discuss change and configuration control as a pair of activities, but they are really two ends of a spectrum. The confusion lies in where a particular activity crosses from one to another. Drawing a sharp line between the two is difficult because organizations of different complexities will draw the line in different places:

Configuration control is the management of the baseline settings for a system device so that it meets security requirements. The settings must be implemented carefully and only with prior approval.
Change control is the management of changes to the configuration. Unmanaged changes introduce risk because they might affect security operations or controls, and an improper change ...

Get Fundamentals of Information Systems Security, 4th Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Fundamentals of Information Systems Security, 4th Edition by David Kim, Michael G. Solomon

The Change Management Process

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly