General discussion

  • Creator
    Topic
  • #2292225

    Establish a configuration control board

    Locked

    by debate ·

    Has your organization established a configuration control board (CCB) or something like it? If so, how does security fit into your CCB process? If not, how valuable do you think a CCB would be for your company? Share your comments about the uses of a configuration control board, as discussed in the Dec. 17 Security Solutions newsletter.

    If you haven’t subscribed to our free Security Solutions newsletter, sign up today! Click this link to subscribe automatically:
    http://nl.com.com/MiniFormHandler?brand=techrepublic&list_id=e036

All Comments

  • Author
    Replies
    • #3300332

      Security ans Service Pack updating

      by pdirico ·

      In reply to Establish a configuration control board

      How can anyone determine whether a network or system is “vulnerable to the condition that generated the service pack or update” without testing the service pack or update? If security is that important, then it’s my opinion that an informed decision can not be made without testing.

    • #3300330

      ISO and ITIL and Six Sigma

      by bfilmfan ·

      In reply to Establish a configuration control board

      All of those process management philosophies detail the need for change control in an environment. Considering the way most change is handled in organizations, you would think the feudal system had never been abolished…

      • #3291985

        CM ……… can’t go wrong

        by dafe2 ·

        In reply to ISO and ITIL and Six Sigma

        Glad to meet another that understands the relevance of ITIL & Six Sigma methodologies……………and it’s importance & relevance in our industry. Currently, we’re reviewing our Change Advisory Board, Service Desk and the CMDB. Not a good month. :-}

        Question though:

        Do (you) also use MOF as well?
        We apply ISO to programmers….do you apply this to other areas? If so which one(s)?

        • #3300931

          applying standards

          by mike mullins ·

          In reply to CM ……… can’t go wrong

          Applying standards such as ITIL & Six Sigma as broadly as possible increase the design functionality of your divisions and network. Computerized environments run on standards and efficiency through implementation, increases as standards are applied.

        • #3299948

          What about ISO

          by dafe2 ·

          In reply to applying standards

          Yes, I understand. We follow & apply ITIL & Six Sigma (I myself an Certified in both) throughout
          Information Technology processes…

          But I was wondering if anyone out there was using an ISO standard in OPERATIONS? If so, which one(s)?

        • #3300930

          applying standards

          by mike mullins ·

          In reply to CM ……… can’t go wrong

          Applying standards such as ITIL & Six Sigma as broadly as possible increase the design functionality of your divisions and network. Computerized environments run on standards and efficiency through implementation, increases as standards are applied.

    • #3301077

      We use a Change Advisory Board

      by dafe2 ·

      In reply to Establish a configuration control board

      We use the following frameworks & principles
      within & arround all our IT processes:

      ITIL, MOF and Six Sigma

      No it’s not heaven, but at least we know where to look when things go wrong.

    • #3300660

      Reply To: Establish a configuration control board

      by jaqui ·

      In reply to Establish a configuration control board

      yes, me.
      no hardware or software can be installed except by me.
      no data transmitted that contins sensitive data except by me.

      ( gotta love having total control huh 😉 )
      actually one person organisation. 😀

    • #2559004

      CCB and Security

      by jamcshell ·

      In reply to Establish a configuration control board

      Security is an important issue as it relates to change management, however, the CCB is always aware of the security. In my experience we handle the security at a lower level. The CCB is a review board and should be provided with general information.

      Security should be built into your change process. During your process you should have an authorization matrix identifying segrgated duties. You should have separate design, test, and quality environments with each person having assigned access rights.

      This should alleviate security issues at the CCB level. Anyone on the CCB board should be privy to the information in the change request without getting into all the details that may be confidential.

Viewing 4 reply threads