Principles of Computer Security Chapter 21
Configuration Items
Data or software (or other asset) that is identified and managed as part of the software change management process (also known as computer software configuration item).
Configuration Control
This is the process of controlling changes to items that have been baselined.
System Problem Report (SPR)
This is used to track changes through the change control board. This documents changes or makes corrections to a system. It reflects who requested the change and why, what analysis must be done and by whom, and how the change was corrected or implemented.
Configuration Status Accounting
These are procedures for tracking and maintaining data relative to each configuration item in the baseline.
Change Control Board (CCB)
This is a body that oversees the change management process, and enables management to oversee and coordinate projects.
Change Management
This is a standard methodology for performing and recording changes during software development and operation.
Capability Maturity Model Integration (CMMI)
This is a structured methodology, helping organizations improve the maturity of their software processes by providing an evolutionary path from ad hoc processes to disciplined software management processes. It was developed at Carnegie Mellon University's Software Engineering Institute (SEI).
Baseline
This is a system or software as it is built and functioning at a specific point in time. It serves as a foundation for comparison or measurement, providing the necessary visibility to control change.
Configuration management
This is considered synonymous with change management and, in a more limited manner, version control or release control.
Configuration Auditing
This is the process for verifying that configuration items are built and maintained according to requirements, standards, or contractual agreements.
Configuration Identification
This is the process of identifying which assets need to be managed and controlled.
1. Initial 2. Managed 3. Defined 4. Quantitatively Managed 5. Optimizing
What CMMI-DEV's five maturity levels?
1. Configuration Identification 2. Configuration Control 3. Configuration Status Accounting 4. Configuration Auditing
What are the four general phases under Configuration Management?
Separation of Duties
Good business control practices require that duties be assigned to individuals in such a way that no one individual can control all phases of a process or the processing and recording of a transaction.
