Hello and welcome back the Cyber. It's certified advance. A critic practices certification Preparation course. We can continue our discussion on margin number three, which is titled Organizational Security. These other objectives of this particular marker. Let's not turn attention toward a discussion or participate in change management.
Let's take a look at a pre assessment question before begin this process. Which of the following operational aspects of configuration management is it, eh?
If you said later, eh? Your absolute correct its identification, control, accounting and auditing.
Well, now when you think about
it refers to the formal procedures adopted by your organization to ensure that all the changes to your systems or whatever applications somewhere a seven to what we call a poor pret levels off management control.
Changing so what it does. It seeks to eliminate unauthorized changes and reduce the defects and problems related to a poor planning and communication of those changes. Change controls offered and four student use of a change control board again. What? This board doesn't review those changes for impact and when it does essentially so sure that they're appropriate implementation
plans have been prepared and it follows changed to approval. Impose implementation type review.
Looking again at the invitation of Configuration Mansion. On the other hand, this is clue document. How again, configure It mentions, manage rose responsibility, how configuration items changes are made and communicate all aspects of gin of the CME to your project stakeholders. The overall objective again of configuration management plan is to document in form
project stakeholders about the configuration magic or the CM within a project, what seem to be used and how they will be applied by the project.
Throughout this system, lifecycle changes made to the system is individual components. Oi! It's operational system can induce new vulnerabilities and thus impact the security baseline configuration Management is a discipline at six to mansion configuration changes so that they are properly approved and documented.
So did the integrity of the security state that's maintained so that the disruption to performance
and availability or minimize
when you think about a security impact assessment, it is analysis conducted by a qualified staff with an organization to determinate extent to which changes to your invasive system affected security posture of the system. The rationale for this a Pro pro is because in face assistant, typically in a constant state of change,
Understand impact These changes on the functionality of existence Acuna controls and extent of organizational risk. Tolerance. Security impact analysis is incorporated into the document configures and change your whole process.
Lastly, you secure the package now. It's may also include an assessment of risk to understand the impact of the changes and to determine if additional couldn't shoulder required security. Packing knives is important activity in the ongoing monitoring of his scooter controls and your information systems.
This brings us to systems, architecture and interoperability of your system. A system, architecture or system architect is a conceptual model that defines the structure, behaviour and more views of the system and architecture. Description is a former description and representation of a system organized in a way that it supports
reason about the structure and the behavior of the system,
and offer really describes extent to which systems and advices can change exchange data and interpret that share data.
Now we get into testing implemented patches, fixes nice was update when you think my Patch man trick is the application software firm will patches to correct. Vulnerable is is a critical component of vulnerabilities and configuration management practices. When you look at it, most of the security breaches that occur
have occurred over the past decade are not the result of a so called zero day attack, but rather about perpetrate
by Attackers explored in your known vulnerabilities. So the past, him said it must be a quiet,
obviously must test amount. You might describe him. He must also verify it and coordinated in Children. It which means process, must be designed and followed religiously to ensure the overall effectiveness. Now, one thing that's really interesting nowadays in the past, when you had your program that were paired of various software application
that we're not so much concern again about the security aspect of that.
What it was primarily concerned about was making sure that it actually work. But nowadays part of that process and now we're seeing a lot of applications. Security is integrated within the software development assistance of intimate life cycle the purposes again to make sure that we mitigate a minimize the impact to those
potential applications that will
producing are putting together as well. So again, it looks at it forced the phases. You have requirement gathering and analysis. It looks at the design implementation You tested your deployment as well as the mains. But the most important thing is security is important. That overall process. In the past, it was not the case. This makes us to our post assessment course. In
what does Father standing with system that advice, get exchange data and interpret that share data?
Is it a interoperability of system, the system architecture? See deterrent controls or D identity and several factor authentication?
If you say, let the air you after the greatest title in probability of the systems,
this brings us to our review. During this price of you discussed implantation of configuration management plan, we discussed it defined exactly what security impact analysis is all about. We took a licking security architecture operative system, and last we took a look at testing and men and patches fixes as well as updates,
and our upcoming presentation will be discussing Section number five, taking a look at participate in security awareness and training. Again, I look forward to seeing you on the next video