Open the app Sign in Start free

CISSP - Security Operations - Section 7.9

Understand and participate in change management processes.

Describe the change management process including change requests, impact assessment, approval process, implementation, and rollback planning. Recognise how bypassing change control increases the risk of unintended security regressions in production environments.

change managementchange controlapproval processrollback

More in this domain

Understand and comply with investigations including evidence collection and handling, reporting, investigative techniques, and digital forensics.Section 7.1
Conduct logging and monitoring activities including IDS/IPS, SIEM, SOAR, threat intelligence, UEBA, and continuous monitoring.Section 7.2
Perform configuration management (CM) including provisioning, baselining, and automation.Section 7.3
Apply foundational security operations concepts such as need-to-know, least privilege, separation of duties, privileged account management, and job rotation.Section 7.4
Apply resource protection including media management and media protection techniques.Section 7.5
Conduct incident management including detection, response, mitigation, reporting, recovery, remediation, and lessons learned.Section 7.6
Operate and maintain detective and preventative measures such as firewalls, IDS/IPS, allow/deny lists, sandboxing, honeypots/honeynets, and anti-malware.Section 7.7
Implement and support patch and vulnerability management.Section 7.8
Implement recovery strategies including backup storage, recovery site strategies, multiple sites, and system resilience and fault tolerance.Section 7.10
Implement disaster recovery (DR) processes including response, personnel, communications, assessment, restoration, and training.Section 7.11
Test disaster recovery plans (DRP) using read-through, walkthrough, simulation, parallel, and full-interruption tests.Section 7.12
Participate in business continuity (BC) planning and exercises.Section 7.13
Implement and manage physical security including perimeter and internal security controls.Section 7.14
Address personnel safety and security concerns including travel, security training and awareness, emergency management, and duress.Section 7.15

Back to all Security Operations objectives, or the CISSP cert hub.

Examworthy is not affiliated with or endorsed by (ISC)2. Original, blueprint-aligned practice material only.