business process
A set of coordinated tasks and procedures that an organization uses to accomplish a specific organizational goal or to deliver a particular product or service.
Effectiveness is often gauged using performance baselines. A performance baseline serves as a standard measure to assess the impact of any changes on security, ensuring alignment with organizational security objectives.
Stakeholders
Individuals or groups vested in an organization’s security posture who can directly impact security procedures and policies. They can be internal or external to specific internal business departments, or external to the business.
Impact analysis
A process that involves assessing the potential effects of changes on the organization’s security landscape. Helps in proactively identifying possible security risks or issues to a system.
Security analysts should conduct this to better understand how to effectively allocate resources such as staff, budget, and tools.
Test result
An outcome of a specific test, such as a penetration test, vulnerability assessment, or simulated attack. Test results play a crucial role in determining the effectiveness of newly implemented measures and any adjustments needed.
Offer insights into the strengths and weaknesses of a system’s security, informing decisions about necessary improvements or adjustments. Essentially, they serve as a report card for the organization’s cybersecurity measures.
Backout plan
A meticulously outlined procedure designed to revert any changes that negatively impact security or business operations. Adheres to a predefined action list and should be created before any software or system upgrade, installation, integration, or transformation occurs.
Maintenance window
A designated time frame for performing system updates or changes that is strategically chosen to minimize disruptions.
Standard operating procedure (SOP)
A step-by-step instruction set to help workers carry out complex routine operations. SOPs are crucial for maintaining consistency, enhancing security, and ensuring that all team members follow best practices in daily operations.
Technical implications
Refer to the potential consequences or effects of a technology-related decision or event in the cybersecurity landscape. Could involve alterations to network infrastructure, modifications to security protocols, or the need for additional server capacity following the implementation of new software or systems.
Allow lists
Lists of approved inputs a user or machine can enter on a system. An easy and safe way to ensure well-defined inputs such as numbers, dates, or postal codes because it allows you to clearly specify permitted values and reject everything else.
Deny list
A list of specific elements, characters, or patterns that are disallowed from being entered into a system.
Restricted activities
Specific actions or operations within a computer or network system that are limited or prohibited to maintain cybersecurity standards. Often defined through allow lists and deny lists.
Downtime
Time during which a system, network, or software application is unavailable to end users or completely offline.
Service restart
Involves halting and then reactivating a system service to implement updates, patches, or configuration changes.
Application restart
Like a service restart, but it is concentrated on a specific software application.
Legacy applications
Older software programs still serving a critical function in an organization.
Dependencies
The relationships where one software component or service relies on another to function correctly.
Documentation
Written material that provides information about a system or process. It might include user guides, technical specifications, or system descriptions.
Updating diagrams
The process of editing current diagrams of systems or networks and inserting any changes that have occurred since the diagrams were originally created.
Policies
The rules governing how IT systems are used and secured.
Procedures
The specific steps required to implement policies.
Version control
A system that records changes to a file or set of files over time so that you can recall specific versions later. It allows you to track modifications, pinpoint when and by whom changes were made, and, if necessary, revert to an earlier version.