From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep

Ongoing configuration management

- [Presenter] Once you've defined secure configuration and version management controls for hardware and software, you should turn your attention toward maintaining those secure configurations over time. Three things you can use to accomplish this are interfaces, documentation, and software security patches. Certain configuration items are set during installation and deployment, while other configuration items are accessible through different application interfaces. User interfaces should ideally limit configuration items to individual users. A user may be able to change their own password, for example, but it's unlikely they'll need the ability to change someone else's password. Admin interfaces have access to security configuration items that can affect the entire application, as well as all users who can access the app. Admins may be able to update TLS certificates, change user passwords, and configure connections to other systems and applications. Because of that additional…
