Using the CMDB to Manage Controls
The more difficult and time consuming it is then the more likely there will be errors, people avoiding the system, etc. This then causes the CMDB death spiral wherein the system is so inaccurate people dont use it. And, because they dont use it, it gets even more inaccurate, etc. The spiral repeats until the system fails. How we choose to use the CMDB to track control and audit information needs to be done with careful deliberation to ensure the value is in excess of the costs both in terms of implementation as well as the ongoing costs in production.
George Spafford is a principal consultant with Pepperweed Consulting and a long-time IT professional. George's professional focus is on compliance, security, management and overall process improvement.