Page 1412 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

               produce more efficient software. As the capabilities of programming
               and management improve, the actual produced size of software should
               be smaller.


               Change and Configuration Management

               Once software has been released into a production environment, users
               will inevitably request the addition of new features, correction of bugs,
               and other modifications to the code. Just as the organization
               developed a regimented process for developing software, they must
               also put a procedure in place to manage changes in an organized
               fashion. Those changes should then be logged to a central repository to
               support future auditing, investigation, and analysis requirements.



                  Change Management as a Security Tool



                  Change management (also known as control management) plays
                  an important role when monitoring systems in the controlled
                  environment of a datacenter. One of the authors recently worked
                  with an organization that used change management as an essential
                  component of its efforts to detect unauthorized changes to
                  computing systems.

                  File integrity monitoring tools, such as Tripwire, allow you to
                  monitor a system for changes. This organization used Tripwire to
                  monitor hundreds of production servers. However, the
                  organization quickly found itself overwhelmed by file modification
                  alerts resulting from normal activity. The author worked with them
                  to tune the Tripwire-monitoring policies and integrate them with
                  the organization’s change management process. Now all Tripwire
                  alerts go to a centralized monitoring center, where administrators
                  correlate them with approved changes. System administrators
                  receive an alert only if the security team identifies a change that
                  does not appear to correlate with an approved change request.

                  This approach greatly reduced the time spent by administrators
                  reviewing file integrity reports and improved the usefulness of the
                  tool to security administrators.
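
The correlation step described in the sidebar can be sketched as follows. This is an added example, not code from the study guide or from Tripwire: the record fields, the ticket ID, the glob-style path scope and the 15-minute grace period are all assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class ChangeRequest:          # hypothetical record from the change repository
    ticket: str
    host: str
    path_glob: str            # files the approved change may touch
    start: datetime           # approved window
    end: datetime

@dataclass(frozen=True)
class FimAlert:               # hypothetical, simplified file-integrity alert
    host: str
    path: str
    seen: datetime            # when the monitor detected the modification

# Assumption: scan-based monitors report some time after the change is made.
GRACE = timedelta(minutes=15)

def matching_ticket(alert, changes):
    """Return the ticket that explains the alert, or None."""
    for cr in changes:
        if (cr.host == alert.host
                and fnmatchcase(alert.path, cr.path_glob)  # '*' also spans '/'
                and cr.start <= alert.seen <= cr.end + GRACE):
            return cr.ticket
    return None

def triage(alerts, changes):
    """Split alerts into (correlated with a ticket, needing escalation)."""
    correlated, escalate = [], []
    for alert in alerts:
        ticket = matching_ticket(alert, changes)
        if ticket:
            correlated.append((alert, ticket))
        else:
            escalate.append(alert)
    return correlated, escalate

# Constructed sample data: one approved change and five alerts.
CHANGES = [ChangeRequest("CHG-0001", "web01", "/etc/nginx/*",
                         datetime(2024, 1, 10, 22, 0), datetime(2024, 1, 10, 23, 0))]
ALERTS = [
    FimAlert("web01", "/etc/nginx/nginx.conf", datetime(2024, 1, 10, 22, 20)),
    FimAlert("web01", "/etc/nginx/conf.d/site.conf", datetime(2024, 1, 10, 23, 10)),
    FimAlert("web01", "/etc/nginx/nginx.conf", datetime(2024, 1, 11, 3, 5)),  # after window
    FimAlert("web01", "/usr/sbin/sshd", datetime(2024, 1, 10, 22, 30)),       # out of scope
    FimAlert("db01", "/etc/nginx/nginx.conf", datetime(2024, 1, 10, 22, 30)), # wrong host
]

if __name__ == "__main__":
    ok, bad = triage(ALERTS, CHANGES)
    print(f"{len(ok)} correlated, {len(bad)} escalated:", [(a.host, a.path) for a in bad])
```

Matching on host, path scope and time window together is what keeps an approved change on one server from masking the same file being modified elsewhere or at another time.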