Security+ 2008 Unit-18.csv
Home > Preview
The flashcards below were created by user
on FreezingBlue Flashcards.
It is recognized today that COMPUTER SYSTEMS can be as complex
as building an AIRCRAFT or a SKYSCRAPER. Just as you would not change a PART in an aircraft or make a change in a buildings Plan w/o a full understanding of its consequences and FULL DOCUMENTATION; In the same manner and with the same care; CHANGES in the computer system must be carefully considered prior to implementing them and fully documented in order to prevent NEGATIVE consequences to a company; such as the very value of its STOCK and REPUTATION if there is a perception a company does not know how to MANAGE its Computer Systems.
In this Chapter; CHANGE MANAGEMENT refers to
a STANDARD-METHODOLOGY for performing and recording Changes during SoftWare Development and System Operation. The METHODOLOGY define steps that endure that System Changes are REQUIRED by the organization and properly AUTHORIZED -DOCUMENTED -TESTED -and APPROVED by Management.
What about recent U.S. Legislation like SABARNES OXLEY (SOX)
This is a piece of legislation AIMED at REGULATING how FIRMS (i.e. in Wall Street) Manage their information. Although SOX does not mandate specific changes in management methodology; IT DOES MANDATE THAT *IT* PROCESSES BE UNDER THE CONTROL OF *MANAGEMENT* (so they can be held responsible when scandals develope as in Wall Street recently)
The key concept of SEPARATION OF DUTIES (SEGREGATION)
A foundation for CHANGE MANAGEMENT is the recongnition that involving MORE THAN ONE INDIVIDUAL in a process can REDUCE RISK.
What would you like to do?
Home > Flashcards > Print Preview