AnsweredAssumed Answered

IT Security and Risk Mangement in the CMDB

Question asked by Jennifer_Perdue on Dec 2, 2014
Latest reply on Dec 7, 2014 by sorjo01

My Security and Risk Management team has requested I add multiple fields into the CMDB so they may track information on CI's during an Incident as it is tied to Security and Risk Mangement, i.e., PCI info, SOX, NPI data, Bank/Loan Account numbers, etc...  I'm very hesitant to do this as it is not related to Service Management.  I understand their need to look at the CI's from a what relates to what perspective but why would I put Security and Risk information into a Service Management tool as it is specicif to that department.  Does anyone have any thoughts or suggestions?

Outcomes