Configuration management is a process of requesting, tracking, and approving all changes to a system. It not only involves the identification, control, and auditing of all changes made to a system, it also pertains to all hardware, software, network, and any other changes that pertain to security.
Provide an example of a situation where change control was not followed that resulted in a disastrous result. (This may or may not be real)
Then identify the necessary steps that should have been included as part of the change control process.
PLEASE KINDLY GIVE ME LIKE
The purpose of a change control board process is to evaluate and implement potential changes to the system during the design or post development stage. The need for change can result from what factor?
New or changed requirement
Changed hardware or software
Cost saving opportunities
Design Defects
New Technology
All of the above
None of the above
A new version of the operating system is being planned for installation into your department’s production environment. What sort of testing would you recommend is done before your department goes live with the new version? Identify each type of testing and describe what is tested. Explain the rationale for performing each type of testing. [ your answer goes here ] Would the amount of testing and types of testing to be done be different if you were installing a security...
1. Consider a grocery supermarket planning to computerize their inventory management. The items on shelves will be marked with Radio Frequency Identification (RFID) tags and a set of RFID reader-devices will be installed for monitoring the movements of the tagged items. Each tag carries a 96-bit EPC (Electronic Product Code) with a Global Trade Identification number, which is an international standard. The RFID readers are installed on each shelf on the sales floor. The RFID system consists of two types...
The discussion: 150-200 words. Auditing We know that computer security audits are important in business. However, let’s think about the types of audits that need to be performed and the frequency of these audits. Create a timeline that occurs during the fiscal year of audits that should occur and “who” should conduct the audits? Are they internal individuals, system administrators, internal accountants, external accountants, or others? Let me start you: (my timeline is wrong but you should use some...
Which role has the PRIMARY responsibility for the documentation of control implementation?
Systems security engineer
Control assessor
Information System Owner (ISO)
Information Owner/Steward
When making determinations regarding the adequacy of common controls for their respective systems, Information System Owner (ISO) refer to the Common Control Providers’ (CCP)
Privacy Impact Assessment (PIA)
Business Impact Analysis (BIA)
Authorization Packages
Vulnerability Scans
An organization-wide approach to identifying common controls early in the Risk Management Framework (RMF) process does which of the following? Considers...
TRUE/FALSE QUESTIONS: Foundations of Information Security and Assurance
1. There is a problem anticipating and testing for all potential types of non-standard inputs that might be exploited by an attacker to subvert a program.
2. Without suitable synchronization of accesses it is possible that values may be corrupted, or changes lost, due to overlapping access, use, and replacement of shared values.
3. The biggest change of the nature in Windows XP SP2 was to change all anonymous remote procedure call (RPC)...
Using the CNA Insurance company Knowledge Management scenario (below), carry out the following knowledge management assignment Questions after reading the scenario/essay: For Gordon Larson, telling stories is all in a day's work at his job as chief knowledge officer at CNA, and that's just fine with executives at the Chicago-based insurance giant. Larson owes his job to a shift in corporate direction. Three years ago, under the direction of a new chairman, CNA set off on a new mission....
The information systems (IS) department at Jacobsons, Inc., consists of eight employees, including the IS Manager, Melinda Cullen. Melinda is responsible for the day-to-day oversight of the IS function and reports to Jacobsons' chief operating officer (COO). The COO is a senior vice president responsible for the overall retail operations who reports directly to the president and chief executive officer. The COO attends board of director meetings to provide an update of key operating performance issues. Because Melinda takes an...
Risk management in Information Security today Everyday information security professionals are bombarded with marketing messages around risk and threat management, fostering an environment in which objectives seem clear: manage risk, manage threat, stop attacks, identify attackers. These objectives aren't wrong, but they are fundamentally misleading. In this session we'll examine the state of the information security industry in order to understand how the current climate fails to address the true needs of the business. We'll use those lessons as a foundation...
CASE STUDY U.S. Office of Personnel Management Data Breach: No Routine Hack The U.S. Office of Personnel Management (OPM) is responsible for recruiting and retaining a world-class workforce to serve the American people and is also responsible for background investigations on prospective employees and security clearances. In June ... conducted, may have been extracted. Government officials say that the exposure of security clearance information could pose a problem for years ... the OPM system, and its records were protected...