Change Management, Configuration Management, and Patch Management
CISA aspirants should be aware of the following aspects of change, configuration, and patch management processes for the exam.
Change Management Process
A change management process is used when changes are being made to hardware, software, and configuration of various network devices. It includes approval, testing, scheduling, and rollback arrangements.
The following are some of the best practices for a well-defined change management process:
- When implementing a change, all relevant personnel should be informed and specific approval should be obtained from the relevant information asset owners.
- To carry out changes, it is always advisable to use individual IDs rather than generic or shared IDs. Individual IDs help to establish accountability for any transaction.
- For every change, transaction logs should be maintained. A transaction log is used as an audit trail for further investigation. This...