B. Changes and change approvals are not documented.
This is because the lack of documentation for changes and approvals can lead to a lack of accountability, traceability, and control. It can also make it difficult to verify that changes have been properly implemented and approved. This could potentially lead to unauthorized changes being made, which could impact the stability and security of the system. Therefore, it is crucial for an organization to document all changes and approvals as part of their configuration and release management process.
Of the options provided, the absence of a centralized configuration management database (CMDB) should be of GREATEST concern to an IS auditor assessing an organization's configuration and release management process.
A centralized CMDB is a critical component of effective configuration and release management. It serves as a centralized repository for storing and managing information about configuration items (CIs), including hardware, software, and their relationships. Without a CMDB, it becomes challenging to track and manage changes, dependencies, and configurations in a systematic and controlled manner.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
3008
1 month agoFAGFUR
1 month, 3 weeks agoBA27
2 months, 3 weeks agoJONESKA
5 months, 2 weeks ago