Change Management
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing CompTIA Security+ premium course — no separate purchase.
Included in this chapter:
- Change management as a security control
- Technical implications, documentation, and version control
- Exam-pattern recognition: spotting the change-management answer
Change-management element → security purpose
| Element | Security purpose | Risk if skipped |
|---|---|---|
| Approval process & ownership | Forces review and assigns accountability before a change touches production | Unauthorized or unreviewed changes; no one answerable for the outcome |
| Impact analysis | Surfaces security exposure and affected systems in advance | Undetected blast radius; a change opens an unseen attack path |
| Test results | Proves the change behaves as intended outside production | Untested change breaks a control or service on first contact |
| Backout plan | Restores the prior known-good state on failure | No recovery path; an outage or misconfiguration persists |
| Maintenance window | Confines downtime and restarts to lowest-impact time | Disruption hits peak usage; dependent services fail unexpectedly |
| Allow/deny list update | Controls what software or traffic is permitted | Drift between intended and actual policy; shadow access |
| Updated diagrams, policies & procedures | Keeps the documented state aligned with reality for responders and auditors | Responders troubleshoot a stale picture; audit findings |
| Version control | Immutable, attributable history of every change | No audit trail; cannot prove who changed what or revert cleanly |
Decision tree
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.