Domain 1 · 1.3 Change Management
1.3.2 Technical Implications
Allow/deny lists, downtime, restarts, dependencies.
14 min
Technical implications = effects a technical change has on security, availability, and performance. Even small changes can break compatibility or open new vulnerabilities.
Allow vs Deny lists
- Allow List (Whitelist) → only listed items run → "default deny"
- ✅ More secure — only pre-approved software/IPs/users
- Deny List (Blacklist) → only listed items blocked
- ❌ Less secure — unknown malware can still run
- *Exam rule:* Allow List > Deny List for security
Restricted activities
Limits to reduce attack surface: - No software installs - No USB drives - No PowerShell scripts - Block certain websites / unauthorized apps
Downtime & restarts
- Downtime → system/service unavailable (planned or unexpected)
- Minimize via redundancy, clustering, maintenance windows
- Service Restart → restart a specific service only (web, DB)
- Application Restart → restart only the patched app (CRM, ERP)
Legacy applications
- Old apps still in use, unsupported or unpatched
- Risks → outdated protocols, weak crypto, EoL OS
- Mitigate with segmentation, VM isolation, compensating controls
Dependencies
- Apps rely on DBs, APIs, auth services, libraries
- Updating one component can break another → run impact analysis first
Documentation that must be updated
- Diagrams → network, architecture, topology → must reflect reality
- Policies & Procedures → reflect new controls (MFA, password rules, backups)
Version Control
- Keeps full history of configs / code / docs
- Tracks who, when, what changed → audit trail
- Enables rollback when a change breaks things
Exam takeaway
Every change → evaluate impact, document, update diagrams + policies, manage via version control.