I. Define that the purpose of configuration and change management is to manage the effects changes have on an information system and/or network.
II. Express an understanding that configuration management varies widely from one organization to another.
III. Discuss the reasoning why continuous monitoring and management of information system changes must be monitored to protect the health of an information security system.
IV. Review the following terms as they apply to change management processes:
• Configuration item
• Configuration
• Version
• Built list
• Major release
• Revision date
• Software library
• Minor release
V. Explain the change management (CM) process and the steps required to ensure that all changes are properly requested, evaluated, and authorized. Review the five steps that make up this process:
• Step 1: Identify change
• Step 2: Evaluate change request
• Step 3: Implementation decision
•  Step 4: Implement approved change request
• Step 5: Continuous monitoring