Security Configuration Management (SCM)

The configuration of an information system and its components has a direct impact on the security posture of the system. How those configurations are established and maintained requires a disciplined approach for providing adequate security and to compliance with International security standards such as ISO27001, as well as rapidly evolving Data Protection Regulations. Changes to the configuration of an information system are often needed to stay up to date with changing business functions and services, and information security needs.

These changes can adversely impact the previously established security posture; therefore, effective configuration management is vital to the establishment and maintenance of security of information and the information system. The security-focused configuration management process is critical to maintaining a secure state under normal operations, contingency recovery operations, and reconstitution to normal operations.

Security Configuration Management (SCM) is the management and control of secure configurations for an information system to enable secure operations and facilitate the management of risk. SCM builds on the general concepts, processes, and activities of configuration management by assessing the implementation and maintenance of the built-in security controls provided by all system vendors, in order to meet the security requirements of the organisation.

SCM requires detailed assessment of available security controls as well as maintenance of up to date security patches. Today we have many major organisations worldwide using our SCM solutions, including our proprietary Assuria Auditor solution, as well as OpenVAS which is integrated with our ALM-SIEM solution.