The configuration of an information system and its components has a direct impact on the security posture of the system. How those configurations are established and maintained requires a disciplined approach for providing adequate security and to compliance with International security standards such as ISO27001, as well as rapidly evolving Data Protection Regulations. Changes to the configuration of an information system are often needed to stay up to date with changing business functions and services, and information security needs.
These changes can adversely impact the previously established security posture; therefore, effective configuration management is vital to the establishment and maintenance of security of information and the information system. The security-focused configuration management process is critical to maintaining a secure state under normal operations, contingency recovery operations, and reconstitution to normal operations.