1.3 Explain the importance of change management processes and the impact to security.

Approval process

The formal procedure required before implementing changes to ensure that all necessary stakeholders agree and understand the implications.

Ownership

The responsibility of a designated individual or department for managing the change control process and ensuring proper implementation.

Stakeholders

Individuals or departments impacted by the proposed change, who may provide input and influence when changes are made.

Impact analysis

The assessment of potential consequences that a proposed change may have on systems or operations within an organization.

Test results

Outcomes from testing conducted prior to or after a change implementation to verify that systems function correctly without issues.

Backout plan

A documented procedure to revert systems to their previous state in case a change leads to problems or failures.

Maintenance window

A designated period during which changes can be made to systems, often scheduled during off-peak hours to minimize disruption.

Standard operating procedure

Documented processes that outline how changes should be handled in an organization, ensuring consistency and compliance with policies.

Technical implications

The potential effects that a change can have on systems, applications, and operations, including risks and dependencies.

Allow lists/Deny lists

Allow lists are lists of approved applications that can run on a system, while deny lists specify applications that are blocked from running.

Restricted activities

Actions that are limited or prohibited during a change process to ensure system stability and security.

Downtime

Periods during which a system or application is unavailable, often scheduled for maintenance or updates.

Service restart

The action of stopping and starting a service to apply changes; this may be required for new configurations to take effect.

Application restart

The process of shutting down an application and starting it up again, often necessary after updates or changes are made.

Legacy applications

Older software programs that may no longer be supported by developers but are still in use within an organization.

Dependencies

Relationships between different applications or services, where the functioning of one depends on the other being updated or installed first.

Documentation

The process of recording information about changes made to systems, applications, or policies to ensure clarity and maintain records for future reference.

Updating diagrams

The act of revising visual representations of systems or processes to reflect changes, enhancing understanding and communication regarding the current state of the environment.

Updating policies/procedures

The act of revising written guidelines and processes that govern how changes should be implemented or managed within an organization.

Version control

A system that records changes to files or sets of files over time so that specific versions can be recalled later, allowing for collaboration and tracking of edits.