IT Examiner School - Oct 2023

First page Table of contents Previous page 152 Next page Last page

Internal Use Only

Personnel Controls

Security Screening in Hiring

User Access Program

Segregation of Duties

Confidentiality Agreements

Training

43

Internal Use Only

Configuration Management Institutions should use standard builds & baselines to allow one documented configuration to be applied to multiple computers in a controlled manner

When information systems change, management should update baselines; confirm security settings; and track, verify & report configuration items

Configurations should be monitored for unauthorized changes & misconfigurations should be identified

Management can use automated solutions to help track, manage & identify necessary corrections

44

Made with FlippingBook - professional solution for displaying marketing and sales documents online