ABSTRACT

Configuration management (CM) supports consistency, completeness, and rigor in implementing security. It also provides a mechanism for determining the current security posture of the organization with regard to technologies being utilized, processes and practices being performed, and a means for evaluating the impact of change on the security stance of the organization. If a new technology is being considered for implementation, an analysis can determine the effects from multiple standpoints:

• Costs to purchase, install, maintain, and monitor
• Positive or negative interactions with existing technologies or architectures
• Performance
• Level of protection
• Ease of use
• Management practices that must be modified to implement the technology
• Human resources who must be trained on the correct use of the new technology, as a user or as a provider

CM functions serve as a vital base for controlling the present, and for charting the future for an organization in meeting its goals. But looking at CM from a procedural level exclusively might result in the omission of significant processes that could enhance the information security stance of an organization and support mission success.