What is Configuration Management and what do I need to know for the CISSP Exam?
If you were a four-person office providing expert security consulting, you would buy a laptop and go through an install of your favorite programs, set up the security settings. What if your employee decided she liked a shiny new software because she did not like the one that the others were using. The above behavior will impact the security of the company, employees, and customers. The above scenario does not scale well when you have 2000 employees in four different locations. You want standard configurations, patch management policy, security and remote access software. Now imagine if you are a government agency or a Corporation doing business in multiple countries. Different countries will have various requirements for privacy and security which needs to be implemented by designing policies for computing, network and security devices.
So what do you have to know about Configuration Management for the CISSP exam?
- A baseline configuration (image) is designed for devices and roles. If a laptop is to be given to a field technician it will have a different image (configuration) from one for an office employee.
- Any request to change a configuration of a firewall, server or security device will be reviewed and approved before it is implemented.
- For mobile devices (phones, tablets or IoT) a software (Mobile Device Management MDM) is installed on the devices to track and implement the security and user policies.
- In the United States, NIST (https://usgcb.nist.gov) defines the baseline configuration to be used by government agencies.
- Software vendors like Microsoft have their own support pages to support the baseline prescribed (https://blogs.technet.microsoft.com/fdcc/)
Join our Facebook group and connect with professionals working towards passing the CISSP Exam like you.
Configuration Management for the CISSP Exam