General discussion

Locked

Establish a configuration control board

By debate ·
Has your organization established a configuration control board (CCB) or something like it? If so, how does security fit into your CCB process? If not, how valuable do you think a CCB would be for your company? Share your comments about the uses of a configuration control board, as discussed in the Dec. 17 Security Solutions newsletter.

If you haven't subscribed to our free Security Solutions newsletter, sign up today! Click this link to subscribe automatically:
http://nl.com.com/MiniFormHandler?brand=techrepublic&list_id=e036

This conversation is currently closed to new comments.

9 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Security ans Service Pack updating

by pdirico In reply to Establish a configuration ...

How can anyone determine whether a network or system is "vulnerable to the condition that generated the service pack or update" without testing the service pack or update? If security is that important, then it's my opinion that an informed decision can not be made without testing.

Collapse -

ISO and ITIL and Six Sigma

by BFilmFan In reply to Establish a configuration ...

All of those process management philosophies detail the need for change control in an environment. Considering the way most change is handled in organizations, you would think the feudal system had never been abolished...

Collapse -

CM ......... can't go wrong

by dafe2 In reply to ISO and ITIL and Six Sigm ...

Glad to meet another that understands the relevance of ITIL & Six Sigma methodologies...............and it's importance & relevance in our industry. Currently, we're reviewing our Change Advisory Board, Service Desk and the CMDB. Not a good month. :-}

Question though:

Do (you) also use MOF as well?
We apply ISO to programmers....do you apply this to other areas? If so which one(s)?

Collapse -

applying standards

by Mike Mullins In reply to CM ......... can't go wr ...

Applying standards such as ITIL & Six Sigma as broadly as possible increase the design functionality of your divisions and network. Computerized environments run on standards and efficiency through implementation, increases as standards are applied.

Collapse -

What about ISO

by dafe2 In reply to applying standards

Yes, I understand. We follow & apply ITIL & Six Sigma (I myself an Certified in both) throughout
Information Technology processes...

But I was wondering if anyone out there was using an ISO standard in OPERATIONS? If so, which one(s)?

Collapse -

applying standards

by Mike Mullins In reply to CM ......... can't go wr ...

Applying standards such as ITIL & Six Sigma as broadly as possible increase the design functionality of your divisions and network. Computerized environments run on standards and efficiency through implementation, increases as standards are applied.

Collapse -

We use a Change Advisory Board

by dafe2 In reply to Establish a configuration ...

We use the following frameworks & principles
within & arround all our IT processes:

ITIL, MOF and Six Sigma

No it's not heaven, but at least we know where to look when things go wrong.

Collapse -

by Jaqui In reply to Establish a configuration ...

yes, me.
no hardware or software can be installed except by me.
no data transmitted that contins sensitive data except by me.

( gotta love having total control huh ;-) )
actually one person organisation. :-D

Collapse -

CCB and Security

by jamcshell In reply to Establish a configuration ...

Security is an important issue as it relates to change management, however, the CCB is always aware of the security. In my experience we handle the security at a lower level. The CCB is a review board and should be provided with general information.

Security should be built into your change process. During your process you should have an authorization matrix identifying segrgated duties. You should have separate design, test, and quality environments with each person having assigned access rights.

This should alleviate security issues at the CCB level. Anyone on the CCB board should be privy to the information in the change request without getting into all the details that may be confidential.

Back to Security Forum
9 total posts (Page 1 of 1)  

Security Forums