Managerial Issues and Information Security
December , 2010
CMGT/545
Professor Poole
Managerial issues associated with the management of organizations information Systems (IS) infrastructure, is very dependent on information related to configuration management (CM). This is the practice of accumulating detailed updated information that describes hardware and software within the organization. Such information will most likely include the updates and versions that have been used to installed software and the network addresses and locations of hardware devices. Of much concern to management is the issue of hardware failures, system down time, and inadequate system information to permit operational continuity. Configuration management is a practical tool intended to gather information during the installation and implementation of a hardware or software upgrade, and make that information available during preventative maintenance, as needed by a computer professional trying to accesses it for the purpose of configuration management, maintenance or utilizing its program and database to see what is currently installed. This facility empowers the technician to make a more informed decision about the type of upgrades necessary. An advantage of a configuration management application is that the entire collection of systems can be reviewed to make sure any changes made to one system do not adversely affect any of the other systems Because there are no preset standards written for company to follow, there are issues that will occur that doesn’t conform to industry standards. The industry standards in configuration management and controls are varied. According to http://tamarawilhite .com, the International Standards Organization (ISO) does not have a formal standard for configuration management. Bear in mind that quality management does require proper documentation, tracking, and modifications to parts. ISO standard 10007 do however provide a set of recommendations for change management and a quality management system to retain control over change requests. ISO 10007 outlines the recommendations for identifying each configuration uniquely and using change review boards. ISO 10007 gives recommendations on how to perform configuration status accounting, the ability to report the baseline configuration of a part structure or document structure for any given date. ISO 10007 also recommends that companies perform configuration audits to ensure the configuration of products when they are built or shipped. Training approaches to allow for adaptive maintenance and confidence are objective, yet constructed on a premise that is dependent on the IT ERP. The construction of an IT Infrastructure that adheres to the perquisites outlined in a Business Requirements Document must align itself to the System Development Life Cycle and emphasize the training approaches for adaptive maintenance. Adaptive maintenance must be interfaced with training, because if it is omitted as functional aspect of the training process, it creates an operational deficiency issue for the whole company. Every organization must be confident in approaching the changes that will occur to its IT infrastructure, and absolute in knowing that training is both adaptive and concurrent to any upgrades or maintenance that takes place. The effect of globalization on managing and IS infrastructure is transient yet critical to the safety of information as it is shared. In a global market place where information and its various platforms are both