Definition: Configuration management is an information security concept that relates to establishing and maintaining settings and characteristics associated with the hardware and software of an information system. Foreknowledge, maintenance and monitoring of a system’s settings as a baseline is a fundamental information assurance concept. Any deviation from the known settings, unless properly authorized, is a potential security breach. The management of settings is established and specified by the business or organization’s policies. The entire process is associated with what is known as "change management".
Its Relevance: The settings associated with an information system must be known, dependable and support the security of information assets. Infrastructure users would, otherwise, be unable to recognize anomalous system settings influenced by intruders and malicious software. Accidental or malicious changes could be devastating. The confidentiality, integrity and availability of the information system would be at risk.
Return from "Configuration Management" to Words [A-C]