General Security Concepts: Change Management Implications & Documentations Flashcards
Why is change management so important? What are the Technical implications of change management on security ?
When you implement change management in your organization, there can be positive and negative effects depending on what types you employ, such as:
Allow lists/deny lists
Restricted activities
Downtime
What are the positive and negative impacts of the allow/denylist?
Using allow or deny lists can have:
Positive technical implications by providing clear criteria for accepting or rejecting changes and ensuring consistency, risk reduction, and efficient decision-making.
Additionally, they enable you to control which assets or changes are permitted (allow) or prohibited (deny), and help maintain system integrity, security, and compliance.
Negative technical implications because overlooking changes could result in their incorrect placement on a deny list, thereby resulting in service disruptions. An example is the blocking of a necessary security update.
Additionally, you could introduce unnecessary complexity by using extensive lists for numerous assets or change creep that leads to administrative challenges and potential errors in list maintenance.
What are the positive and negative impacts of the Restrictive activities?
Positive technical implications by reducing access privileges, stricter control over critical changes, and enhanced protection against unauthorized modifications that could introduce vulnerabilities or disruptions.
Negative technical implications by limiting access to specific individuals or teams, ensuring controlled and secure handling of changes.
What is the positive and negative implications in downtime?
Positive technical implications by allowing for planned and controlled service interruptions in which changes are implemented, thereby preventing unexpected outages.
An example is performing server maintenance and service and restarts during off-peak hours to minimize user impact. Another example is scheduling application updates and restarts to reduce system-vulnerability windows.
Negative technical implications by affecting users, services, or dependencies. This can result in reduced availability during critical operations. Additionally, uncoordinated downtime can present challenges with respect to minimizing disruptions.
How can legacy applications effect change management and Documentation?
Supporting legacy applications can have negative technical implications by introducing potential compatibility issues and security vulnerabilities into your organization. An example is older software that might not support modern security protocols or for which custom patches are required to maintain functionality.
Why is it important to use appropriate documentations?
It’s important to use documentation correctly, so it can benefit you organization, including:
Updating Diagram
Updating Policies
What are the negative and positive implications of updating a diagram?
Updating diagrams, which can have positive technical implications by providing crucial technical documentation that aids in planning, implementation, and troubleshooting of changes. This enhances overall system reliability and efficiency.
However, the negative implications are that it can lead to inaccurate change planning, thereby causing unexpected issues during implementation and hindering troubleshooting efforts. This could result in prolonged downtime if issues occur.
What are the negative and positive implications of updating policies?
Updating policies and procedures can have a positive impact by ensuring that processes align with evolving technology and security requirements. This reduces risks and enhances compliance.
However, negative impacts are possible non-compliance, security vulnerabilities, and inefficient processes that hinder change implementation and management.
What are the negative and positive implications of Version Control?
Maintaining version control can positively impact an organization by ensuring precise tracking of changes, thereby reducing errors, enhancing collaboration, and maintaining a historical record of modifications to critical assets.
However, it can introduce the risk of unauthorized changes occurring, difficulty in identifying the source of issues, and the potential for data loss or system instability due to untracked modifications.
