DS9.1 - Configuration Repository and Baseline

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective DS9.1 - Configuration Repository and Baseline is contained within the process Manage the Configuration.


Configuration Repository and Baseline

Establish a supporting tool and a central repository to contain all relevant information on configuration items. Monitor and record all assets and changes to assets. Maintain a baseline of configuration items for every system and service as a checkpoint to which to return after changes.


Value Drivers

  • Hardware and software planned effectively to maintain business services
  • The configuration deployed consistently across the enterprise
  • Planning enhanced so that changes are in accordance with the overall architecture
  • Cost savings through supplier consolidation
  • Fast incident resolution

Risk Drivers

  • Failure of changes to comply with the overall technology architecture
  • Assets not protected properly
  • Unauthorised changes to hardware and software not discovered, which could result in security breaches
  • Documented information failing to reflect the current architecture
  • Inability to fall back

  1. Implement a configuration repository to capture and maintain configuration management items. The repository should include hardware; application software; middleware; parameters; documentation; procedures; and tools for operating, accessing and using the systems, services, version numbers and licencing details.
  2. Implement a tool to enable the effective logging of configuration management information within a repository.
  3. Provide a unique identifier to a configuration item so the item can be easily tracked and related to physical asset tags and financial records.
  4. Define and document configuration baselines for components across development, test and production environments, to enable identification of system configuration at specific points in time (past, present and planned).
  5. Establish a process to revert to the baseline configuration in the event of problems, if determined appropriate after initial investigation.
  6. Install mechanisms to monitor changes against the defined repository and baseline. Provide management reports for exceptions, reconciliation and decision making.

Journal Articles: 34 total

Volume 5, 2017
by Filip Caron, Ph.D.
Blockchain technology, commonly expected to drive the next wave of digital infrastructure and process innovation, is rapidly developing into maturity.
Volume 4, 2017
by Rassoul Ghaznavi-Zadeh, CISM, COBIT Foundation, SABSA, TOGAF
Traditionally, security architecture consists of some preventive, detective and corrective controls that are implemented to protect the enterprise infrastructure and applications.
Volume 4, 2017
by Mathew Nicho, Ph.D., CEH, CIS, ITIL Foundation, RWSP, SAP, Shafaq Khan, Ph.D., CIS, PMBOK, PMP, SAP, and Ram Mohan, CRISC, CISM, CGEIT, ISO 27001, ITIL Foundation
A key issue often cited by information systems (IS) executives in the last three decades is aligning IT with business, which assists in realizing value from IT investments.
Volume 3, 2017
by Vasant Raval, DBA, CISA, ACMA, and Rajesh Sharma, Ph.D., ITIL-F, Six Sigma Black Belt
Success does not teach much, if anything; it is the failure that provides lessons to do better in the future.
Volume 1, 2017
by Graciela Braga, CGEIT, COBIT Foundation, CPA
When discussing the impact of IT on cities, some questions arise: How have cities been transformed by IT? Can this transformation be measured? What are the benefits and risk factors of the transformation?
Volume 6, 2016
by Sunil Bakshi, CISA, CGEIT, CISM, CRISC, ABCI, AMIIB, BS 25999 LI, CEH, CISSP, ISO 27001 LA, MCA, PMP
During the past 30 years, enterprises have been embracing new methods to transform their operations to use IT and related technology to provide a higher level of customer service.

Blog Posts: 16 total

Information Security and Privacy is a hot issue at the present time. The number of security breaches is rapidly increasing. In case of late detection, costs of breaches are skyrocketing. At the same time Artificial Intelligence (AI), Machine Learning (ML) are fast...
Posted By : Dragan Pleskonjic | 0 comments
My previous blog under the name "Dragan on Security" was at location: http://conwex.info/blog/. It was active from August 28, 2005 to October 3, 2012. At the beginning of 2017 it was moved to a new location http://www.dragan-pleskonjic.com/blog/. With possibility to...
Posted By : Dragan Pleskonjic | 0 comments
28 Sep 2017
Recently, I witnessed an interesting webcast by Scopism, a UK-based consulting and training company. They announced the publication of the SIAM(c) Foundation Body of Knowledge, available for free through their website www.scopism.com. Service Integration...
Posted By : Peter873 | 0 comments
The real success story is adoption of technology, and adoption is possible if the team which is implementing the Tech solution has the vision and purpose of that solution to be adoptable by larger users / stakeholders. We always do not get green field proje...
Posted By : Gopal207 | 0 comments
A few days ago the person behind the Hacking Team hack revealed how he did it in pastebin - (the original in Spanish) https://pastebin.com/raw/GPSHF04A I was very keen to understand how good you need to be to hack back one of the most (in)famous hacki...
Posted By : TiagoRosado | 0 comments
“Enterprise architecture is now a strategic component of every forward-thinking organization around the world.” Source: http://feapo.org/press-release-ea-perspectives-white-paper/ Related Article: Common Perspective on Enterprise Architecture: http://feapo....
Posted By : SA | 1 comments