Configuration Management controls what?
Click on the arrows to vote for the correct answer
A. B. C. D.D.
All of these are components of Configuration Management.
The following answers are incorrect: Auditing of changes to the Trusted Computing Base.
Is incorrect because it refers only to auditing the changes, but nothing about controlling them.
Control of changes to the Trusted Computing Base.
Is incorrect because it refers only to controlling the changes, but nothing about ensuring the changes will not lead to a weakness or fault in the system.
Changes in the configuration access to the Trusted Computing Base.
Is incorrect because this does not refer to controlling the changes or ensuring the changes will not lead to a weakness or fault in the system.
Configuration management is a crucial aspect of information security management that involves the control and tracking of changes made to the organization's IT infrastructure. The Trusted Computing Base (TCB) refers to the combination of hardware, software, and firmware that provides the necessary security mechanisms and controls for a secure system operation. Configuration management, therefore, is concerned with managing changes to the TCB to ensure that they are properly authorized, tested, documented, and implemented.
Option A: "Auditing of changes to the Trusted Computing Base" implies that configuration management only involves auditing changes to the TCB. This option is not correct because configuration management is not only limited to auditing changes but also includes controlling and managing those changes.
Option B: "Control of changes to the Trusted Computing Base" is a better option than option A as it emphasizes the importance of controlling changes made to the TCB. Configuration management involves controlling changes to ensure that they are properly authorized and tested before implementation. This option, however, does not include auditing the changes made to the TCB.
Option C: "Changes in the configuration access to the Trusted Computing Base" is not correct because configuration management is not concerned with changes in access to the TCB but rather with managing changes to the TCB itself.
Option D: "Auditing and controlling any changes to the Trusted Computing Base" is the correct option as it highlights the two main aspects of configuration management. Auditing is important for tracking and documenting changes made to the TCB, while controlling ensures that the changes are authorized, tested, and implemented correctly.
In summary, configuration management involves both auditing and controlling changes made to the TCB to ensure that the system remains secure and effective. Option D is the correct answer as it covers both aspects of configuration management.