1.3 - CompTIA Security+
Business processes impacting security operation
Approval processes
Change approval process: A formal procedure for requesting, reviewing, and authorizing changes. Includes a change request, change scope, risks, implementation time, and a backout plan.
Ownership
Ownership: Refers to the individual or entity that needs to make a change - they may own the process, but they don’t perform the actual change work (e.g., a Shipping/Receiving department owns printers, but the change is performed by the IT department).
Stakeholders
Stakeholders: Refers to individuals impacted by a change - they’ll want to have input on the change management process. This might not be as obvious as you might think (e.g., a printing label change could affect end-users, delivery times, and reporting).
Impact analysis
Impact analysis: Used to determine how risky a change may be (what risks are involved with making or not making the change).
Test results
Test results: Refers to testing the potential change in a sandbox environment to determine how it will affect corporate systems without impacting the production environment.
Backout plan
Backout plan: Contingency plan designed to roll back a system to its previous state in the event that a new deployment causes unforeseen issues.
Maintenance window
Maintenance window: A specified time period during which system updates or fixes can occur.
Standard operating procedure
Standard operating procedure: A set of step-by-step instructions compiled by an organization to help workers carry out routine operations efficiently and consistently.
Technical implications
Technical implications: Implications of the change management process from the technician’s perspective.
Allow lists/deny lists
Allow lists/deny lists: Lists used to control access to resources by specifying which users or systems are permitted (allow list) or prohibited (deny list).
Restricted activities
Restricted activities: Activity is limited to the scope of the change approval - no changes are allowed, other than the ones explicitly documented and approved.
Downtime
Downtime: This refers to periods when systems are unavailable due to maintenance, updates, or other approved changes.
For 24×7 environments, try to switch to a secondary system, upgrade the primary system, then switch back.
Service restart
Service restart: Stop or restart the service/daemon - may take seconds or minutes.
Application restart
Application restart: Install the relevant application materials, close the application, and launch a new application instance.
Legacy applications
Legacy applications: Applications that were developed using older programming languages or techniques that may not be compatible with modern operating systems and environments. Document how the application is installed, or any relevant configuration settings needed to administer it.
Dependencies
Dependencies: A change may require technicians to install an update to other systems and/or install relevant application libraries that support the application’s functionality before the update itself can be applied.
Documentation
Documentation: Written guidelines that outline changes, including their scope, relevant dependencies and backout plans.
Updating diagrams
Updating diagrams: Ensuring all diagrams (e.g., network topology) correspond to recent changes.
Updating policies/procedures
Updating policies/procedures: Reviewing and refining existing procedures to align with updated systems.
Version control
Version control: Tracks changes to a file or configuration data over time (allows someone to easily revert to a previous setting).