Page 1162 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

When the change management process is enforced, it creates
               documentation for all changes to a system. This provides a trail of
               information if personnel need to reverse the change. If personnel need
               to implement the same change on other systems, the documentation
               also provides a road map or procedure to follow.

               Change management control is a mandatory element for some security
               assurance requirements (SARs) in the ISO Common Criteria.
               However, change management controls are implemented in many
               organizations that don’t require compliance with ISO Common
               Criteria. Change management improves the security of an environment by protecting
               against unauthorized changes resulting in unintentional losses.


               Versioning

               Versioning typically refers to version control used in software
               configuration management. A labeling or numbering system
               differentiates between different software sets and configurations
               across multiple machines or at different points in time on a single
               machine. For example, the first version of an application may be
               labeled as 1.0. The first minor update would be labeled as 1.1, and the
               first major update would be 2.0. This helps keep track of changes over
               time to deployed software.


               Although most established software developers recognize the
               importance of versioning and revision control with applications, many
               new web developers don’t recognize its importance. These web
               developers have learned some excellent skills they use to create
               awesome websites but don’t always recognize the importance of
               underlying principles such as version control. If they don’t control
               changes through some type of version control system, they can
               implement a change that effectively breaks the website.



               Configuration Documentation

               Configuration documentation identifies the current configuration of
               systems. It identifies who is responsible for the system and the
               purpose of the system, and lists all changes applied to the baseline.

               Years ago, many organizations used simple paper notebooks to record