changes to a system do not result in diminished security. Configurationchange management controls provide a process by which all system changes are tracked, audited, controlled, iden- tified, and approved. It requires that all system changes undergo a rigorous testing procedure before being deployed onto the production environment. It also requires documentation of any changes to user work tasks and the training of any affected users. Configurationchange man- agement controls should minimize the effect on security from any alteration to the system. They often provide a means to roll back a change if it is found to cause a negative or unwanted effect on the system or on security. There are five steps or phases involved in configurationchange management control: 1. Applying to introduce a change 2. Cataloging the intended change 3. Scheduling the change 4. Implementing the change 5. Reporting the change to the appropriate parties When a configurationchange management control solution is enforced, it creates complete documentation of all changes to a system. This provides a trail of information if the change needs to be removed. It also provides a roadmap or procedure to follow if the same change is imple- mented on other systems. When a change is properly documented, that documentation can assist administrators in minimizing the negative effects of the change throughout the environment. Configurationchange management control is a mandatory element of the TCSEC ratings of B2, B3, and A1 but it is recommended for all other TCSEC rating levels. Ultimately, change management improves the security of an environment by protecting implemented security from unintentional, tangential, or effected diminishments. Those in charge of change management should oversee alterations to every aspect of a system, including hardware configuration and system and application software. It should be included in design, development, testing, evalu- ation, implementation, distribution, evolution, growth, ongoing operation, and application of modifications. Change management requires a detailed inventory of every component and con- figuration. It also requires the collection and maintenance of complete documentation for every system component including hardware and software and for everything from configuration settings to security features. Standards of Due Care and Due Diligence Due care is using reasonable care to protect the interests of an organization. Due diligence is practicing the activities that maintain the due care effort. For example, due care is developing a formalized security structure containing a security policy, standards, baselines, guidelines, and procedures. Due diligence is the continued application of this security structure onto the IT infrastructure of an organization. Operational security is the ongoing maintenance of continued due care and due diligence by all responsible parties within an organization. In today’s business environment, showing prudent due care and due diligence is the only way to disprove negligence in an occurrence of loss. Senior management must show reasonable due