Your company decides to sell toys online worldwide, which will be supported by a three-tiered web-based E-Commerce system developed in-house. The web servers for the production environment have been implemented but not baselined and approved by the management. After the stress testing, the system engineer proposes that the memory size of the database server should be expanded to 64GB to meet the performance target. If the memory modules needed are available, which of the following should the system engineer do first?
A. Install the memory modules and conduct another run of stress testing
B. Submit a request for configuration change
C. Justify the change to the change control board (CCB)
D. Document security implications in the change request
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is A. Install the memory modules and conduct another run of stress testing.
Change management is a crucial concept in the CISSP exam. This question is written to remind you of the relationship between baseline and change management. In most cases, change management should be followed.
Change is a modification to a baseline. A baseline stands for the current state in a broad sense. Specifically, a baseline is an approved and formally controlled set of configuration items. Change management is the structural or systematic approach to prevent baselines from creeping or uncontrolled modifications to address risk.
As the web servers for the production environment have been implemented but not baselined and approved by the management, there is no need to conduct change management at this stage.
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.