Domain 1
1.3 Change Management
Explain the importance of change management processes and the impact to security.
0% Complete

Change Management = organizational process making every IT/security change controlled, documented, and safe.
Most incidents come from bad changes, not attackers → formal CM protects CIA and business continuity.
Core elements
- Approval process → every change reviewed & authorized
- *Exam cue:* firewall changed without approval → missing approval process
- Ownership → clear person/team responsible for the system
- Stakeholders → all affected parties (IT, security, mgmt, users, partners)
- Impact Analysis → effects on systems, dependencies, downtime, compliance, existing controls
- Test Results → proof from staging / lab (functional, regression, security, pen test)
- Backout Plan (Rollback) → steps to return to previous state if it fails
- *Exam cue:* "best way to minimize risk of a failed update" → backout plan
- Maintenance Window → planned low-impact time (night/weekend)
- Standard Operating Procedure (SOP) → step-by-step, repeatable instructions
Exam shortcut
- Approval = authorization
- Ownership = responsibility
- Stakeholders = all affected parties
- Impact analysis = consequences
- Test results = safe to deploy
- Backout plan = rollback safety net
- Maintenance window = minimize disruption
- SOP = standardized & repeatable