Find Resources & Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

You must be logged in to join this group.

DS9.1 - Configuration Repository and Baseline

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective DS9.1 - Configuration Repository and Baseline is contained within Process Popup Manage the Configuration.

Learn more about COBIT and related publications.

Click “Join This Community” to be able to actively participate in discussions and contribute content. You must be an ISACA member to join this topic. Join ISACA now.

 
This Topic Has:
16 Members
0 Online
0 Visits

 Recent Discussions

Community Leader

Knowledge Center Manager

Knowledge Center Manager

Title: Become a Topic Leader!


Configuration Repository and Baseline

Establish a supporting tool and a central repository to contain all relevant information on configuration items. Monitor and record all assets and changes to assets. Maintain a baseline of configuration items for every system and service as a checkpoint to which to return after changes.

View value and Risk Drivers  help

Hide value and Risk Drivers help


Value Drivers

  • Hardware and software planned effectively to maintain business services
  • The configuration deployed consistently across the enterprise
  • Planning enhanced so that changes are in accordance with the overall architecture
  • Cost savings through supplier consolidation
  • Fast incident resolution
  Risk Drivers
  • Failure of changes to comply with the overall technology architecture
  • Assets not protected properly
  • Unauthorised changes to hardware and software not discovered, which could result in security breaches
  • Documented information failing to reflect the current architecture
  • Inability to fall back

View Control Practices  help

Hide Control Practices  help

  1. Implement a configuration repository to capture and maintain configuration management items. The repository should include hardware; application software; middleware; parameters; documentation; procedures; and tools for operating, accessing and using the systems, services, version numbers and licencing details.
  2. Implement a tool to enable the effective logging of configuration management information within a repository.
  3. Provide a unique identifier to a configuration item so the item can be easily tracked and related to physical asset tags and financial records.
  4. Define and document configuration baselines for components across development, test and production environments, to enable identification of system configuration at specific points in time (past, present and planned).
  5. Establish a process to revert to the baseline configuration in the event of problems, if determined appropriate after initial investigation.
  6. Install mechanisms to monitor changes against the defined repository and baseline. Provide management reports for exceptions, reconciliation and decision making.

Discussions: 0 total

Must be a Topic member to contribute

No Results Found

Documents & Publications: 23 total

Must be a Topic member to contribute
View All »
Books
Posted by ISACA 623 days ago
Books
Posted by ISACA 952 days ago
ICQs and Audit Programs
Posted by ISACA 1402 days ago
ICQs and Audit Programs
Posted by ISACA 1534 days ago
Books
Posted by ISACA 1662 days ago

Events & Online Learning: 0 total

No Results Found

Journal Articles: 39 total

Volume 3, 2018
by Ofir Eitan, CISM, CCSK, CTI
One of the major challenges chief information security officers (CISOs) face in almost any organization is prioritizing information security interests with regard to IT interests.
Volume 2, 2018
by Robert E. Davis, DBA, CISA, CICA
Innovation is the process of transforming an idea or concept into a functional and marketable value proposition reflecting creative opportunity.
Volume 2, 2018
by Sunil Bakshi, CISA, CRISC, CISM, CGEIT, ABCI, AMIIB, BS 25999 LI, CEH, CISSP, ISO 27001 LA, MCA, PMP
Until a few years ago, many organizations did not adopt new technologies unless they were proven, stabilized and in use.
Volume 2, 2018
by Steven J. Ross, CISA, CISSP, MBCP
In this era of multi-modal technology, many disaster recovery issues are solved, some are simply transferred and a few are made worse.
Volume 2, 2018
by Rassoul Ghaznavi-Zadeh, CISM, COBIT Foundation, SABSA SCF, TOGAF 9
A top-down approach to enterprise security architecture can be used to build a business-driven security architecture.
Volume 5, 2017
by Filip Caron, Ph.D.
Blockchain technology, commonly expected to drive the next wave of digital infrastructure and process innovation, is rapidly developing into maturity.

Wikis: 2 total

Blog Posts: 16 total

5 Jun 2018
Recently, I witnessed an interesting webcast by Scopism, an UK-based consulting and training company. They announced the publication of the SIAM(c) Foundation Body of Knowledge, available for free through their website www.scopism.com. Service Integration...
Posted By : Peter873 | 2 comments
Information Security and Privacy is hot issue at present time. Number of security breaches is rapidly increasing.  In case of late detection, costs of breaches are skyrocketing. In the same time Artificial Intelligence (AI), Machine Learning (ML) are fast...
Posted By : Dragan Pleskonjic | 0 comments
My previous blog under name "Dragan on Security" was at location: http://conwex.info/blog/. It was active from August 28, 2005 to October 3, 2012. By beginning of 2017 it is moved to new location http://www.dragan-pleskonjic.com/blog/. With possibility to...
Posted By : Dragan Pleskonjic | 0 comments
The real success story is adoption of technology, and adoption is possible if the team which is implementing the Tech solution have vision and purpose of that solution to be adoptable by larger users / stake holders. We always do not get green field proje...
Posted By : Gopal207 | 0 comments
Few days ago the person behind the Hacking Team hack revealed how he did it in pastebin - (the original in Spanish) https://pastebin.com/raw/GPSHF04A I was very keen to understand how good you need to be to hack back one of the most (in)famous hacki...
Posted By : TiagoRosado | 0 comments
“Enterprise architecture is now a strategic componentof every forward-thinking organization around the world.”Source: http://feapo.org/press-release-ea-perspectives-white-paper/ Related Article: Common Perspective on Enterprise Architecture: http://feapo....
Posted By : SA | 1 comments