N2K - Flash Cards - General Security Concepts - Explain the importance of change management processes and the impact to security
What is the term for a time period in which a system will be unavailable due to servicing?
Maintenance Window
Which business process impacts security operations by ensuring that proposed changes undergo thorough review and authorization before implementation?
The approval process of formal change management
What is the primary concern of the BIA?
Business Impact Analysis (BIA) identifies all business resources that could be lost
Allow lists, deny lists, restricted activities, service restart, application restart and legacy applications are examples of what kind of impacts to security in the change management process?
Technical Implications
What is it called when a system is offline and/or unavailable to perform services?
Downtime
Which technical implication impacts change management security operations by stopping and starting specific processes to enforce security policies or apply updates?
Service Restart
What is the term for a plan for reversing changes made during an unsuccessful update to IT operations?
A rollback or backout plan
What is a dependency vulnerability?
Vulnerabilities caused by dependencies on insecure code found in shared or public code repositories.
Which step must be completed before a change request can be sent for approval or denial, according to COMPTIA?
Determining the correct decision-makers for the change
Which two entities are responsible for the majority of project changes?
Stakeholders (including the project sponsor) and team members
Which business process impacts security operations by providing critical feedback on the effectiveness and integrity of proposed changes?
Test Results
Which technical implication impacts change management security operations by limiting or prohibiting certain actions or behaviors to prevent security breaches or unauthorized activities?
Restricted Activities
Which business process impacts security operations by assigning responsibility for overseeing change implementation and ensuring that security considerations are addressed?
Ownership
Which technical implication of change management impacts security operations by restarting specific applications to address security vulnerabilities or apply configuration changes?
Application restart
Which change management process impacts security by ensuring that changes are tracked, documented, and reversible, reducing the risk of unauthorized or malicious alterations?
Version Control
Which protocol, used in legacy applications that use XML to encode calls, leverages HTTP as a transport mechanism and is susceptible to API attacks?
Extensible Markup Language-Remote Procedure Call (XML-RPC)
What are the two key elements in documenting the results of change management?
Updating diagrams and updating policies/procedures
What is meant by the term allow list?
The list of applications, systems, or networks that are in scope and should be tested (previously referred to as a whitelist, a deprecated term)
Which business process impacts security operations by outlining the step-by-step process for executing changes and ensuring adherence to security protocols?
Standard Operating Procedure
