
Re: Code Promotion/Release Management Practices

Subject: Re: Code Promotion/Release Management Practices
Date: Sat, 14 Jan 2006 11:56:30 -0800
This is part of the overall issue of change management. I wrote a pretty good article on it for Burton Group under "Change Management for the Enterprise" but unless your company subscribes I cannot get you a copy. It took the approach of change control à la several of the books I have written over the years including "A Short Course on Computer Viruses". If you look up:
"sound change control"
on Google you should get a lot of useful information - keep the "quotes" or you will get lots of irrelevant stuff.

Early on the list will be:
        http://all.net/CID/Defense/Defense121.html
which is very basic...

FC

On Jan 11, 2006, at 7:13 PM, Brad Bemis wrote:

I am looking for process resources that address code promotion/release management from the time that an application has been developed and is ready for testing, to the point at which it is actually fully deployed in a production environment (not looking for the whole lifecycle right now). Something that talks about all of the ins and outs of controlling this particular portion of the overall software delivery process.

What I am interested in are good examples or white papers that address the issue. Please note that I am already drawing from the following:
COBIT
ISO 17799
ITIL
CMM/SSE-CMM/CMMI
ISF Standard of Good Practice
FFIEC IT Examiners Handbook
NIST 800 Series
A few other odds and ends
Am I missing something that speaks more directly to this subject?


Thanks in advance,
Brad Bemis, CISSP, CISA

-- This communication is confidential to the parties it is intended to serve --
Security Posture securityposture.com tel/fax
University of New Haven unhca.com 925-454-0171
Fred Cohen & Associates all.net 572 Leona Drive
ASP Press asp-presss.com Livermore, CA 94550


