1
Q
Change management
A
- How to make a change
– Upgrade software, patch an application, change firewall
configuration, modify switch ports - One of the most common risks in the enterprise
– Occurs very frequently - Often overlooked or ignored
– Did you feel that bite? - Have clear policies
– Frequency, duration, installation process, rollback
procedures - Sometimes extremely difficult to implement
– It’s hard to change corporate culture
2
Q
Rollback plan
A
- The change will work perfectly and nothing will ever go bad
– Of course it will - You should always have a way to revert your changes
– Prepare for the worst, hope for the best - This isn’t as easy as it sounds
– Some changes are difficult to revert - Always have backups
3
Q
Sandbox testing
A
- Isolated testing environment
– No connection to the real world or production system
– A technological safe space - Use before making a change to production
– Try the upgrade, apply the patch
– Test and confirm before deployment - Confirm the rollback plan
– Move everything back to the original
– A sandbox can’t consider every possibility
4
Q
Responsible staff members
A
- A team effort - Many different parts of the organization
- IT team - Implements the change
- Business customer - The user of the technology or software
- Organization sponsor
– Someone’s budget is responsible for the process
– Or responsible for the profit
5
Q
Change management process
A
- A formal process for managing change
– Avoid downtime, confusion, and mistakes - Nothing changes without the process
– Complete the request forms
– Determine the purpose of the change
– Identify the scope of the change
– Schedule a date and time of the change
– Determine affected systems and the impact
– Analyze the risk associated with the change
– Get approval from the change control board
– Get end-user acceptance after the change is
complete
6
Q
Change request forms
A
- A formal process always seems to include a bit of
paperwork
– This is usually an online system - Nothing gets missed
– Easy to manage
– Create detailed reports and statistics - Usually a transparent process
– Many different groups and people are usually
7
Q
Purpose of the change
A
- Why are we doing this?
– There needs to be a compelling reason - Application upgrades
– New features
– Bug fixes
– Performance enhancements - Security fixes
– Monthly patches and vulnerability fixes - There needs to be a good reason
– Changes are costly
8
Q
Scope of the change
A
- Determine the effect of the change
– May be limited to a single server
– Or an entire site - A single change can be far reaching
– Multiple applications, Internet connectivity,
remote site access, external customer access - How long will this take?
– Specific date and time for the change
– May have no impact, could have hours of downtime
9
Q
Risk analysis
A
- Determine a risk value - i.e., high, medium, low
- The risks can be minor or far-reaching
– The “fix” doesn’t actually fix anything
– The fix breaks something else
– Operating system failures
– Data corruption - What’s the risk with NOT making the change?
– Security or application vulnerability
– Unexpected downtime to other services
10
Q
Change board and approvals
A
- Go or no go
– Lots of discussion - All important parts of the organization are represented
– Potential changes can affect the entire company - Some changes have priority
– The change board makes the schedule
– Some changes happen quickly, some take time - This is the last step
– The actual work comes next
11
Q
End-user acceptance
A
- Nothing happens without a sign-off
– The end users of the application / network - One of your jobs is to make them successful
– They ultimately decide if a change is worth it to them - Ideally, this is a formality
– Of course, they have been involved
throughout this entire process
– There’s constant communication before and after
Comptia A+ Core 2
flashcards
Decks in class (69)
# Cards
-
1.1 An Overview of Windows8
-
1.1 - Windows Features8
-
1.1 - Windows Upgrades5
-
1.2 - Windows Command Line Tools15
-
1.2 - The Windows Network Command Line8
-
1.3 - Task Manager7
-
1.3 - The Microsoft Management Console9
-
1.3 - Additional Windows Tools6
-
1.4 - The Windows Control Panel15
-
1.5 - Windows Settings11
-
1.6 - Windows Network Technologies8
-
1.6 - Configuring Windows Firewall3
-
1.6 - Windows IP Address Configuration3
-
1.6 - Windows Network Connections5
-
1.7 - Installing Applications10
-
1.8 - Operating System Overview10
-
1.8 - Filesystems5
-
1.9 - Installing Operating Systems7
-
1.9 - Upgrading Windows5
-
1.10 - macOS Overview6
-
1.10 - macOS System Preferences7
-
1.10 - macOS Features12
-
1.11 - Linux Commands20
-
1.11 - Linux Features4
-
2.1 - Physical Security9
-
2.1 - Physical Security for Staff8
-
2.1 - Logical Security7
-
2.1 - Active Directory8
-
2.2 - Wireless Encryption8
-
2.2 - Authentication Methods5
-
2.3 - Malware10
-
2.3 - Anti-Malware Tools7
-
2.4 - Social Engineering10
-
2.4 - Denial of Service4
-
2.4 - Zero-Day Attacks2
-
2.4 - On-Path Attacks3
-
2.4 - Password Attacks5
-
2.4 - Insider Threats2
-
2.4 - SQL Injection2
-
2.4 - Cross-site Scripting5
-
2.4 - Security Vulnerabilities6
-
2.5 - Defender Antivirus3
-
2.5 - Windows Firewall3
-
2.5 - Windows Security Settings9
-
2.6 - Security Best Practices10
-
2.7 - Mobile Device Security9
-
2.8 - Data Destruction5
-
2.9 - Securing a SOHO Network15
-
2.10 - Browser Security11
-
3.1 - Troubleshooting Windows11
-
3.1 - Troubleshooting Solutions14
-
3.2 - Troubleshooting Security Issues6
-
3.3 - Removing Malware9
-
3.4 - Troubleshooting Mobile Devices8
-
3.5 - Troubleshooting Mobile Device Security12
-
4.1 - Ticketing Systems6
-
4.1 - Asset Management3
-
4.1 - Document Types9
-
4.2 - Change Management11
-
4.3 - Managing Backups10
-
4.4 - Managing Electrostatic Discharge4
-
4.4 - Safety Procedures4
-
4.5 - Environmental Impacts7
-
4.6 - Privacy, Licensing, and Policies13
-
4.7 - Communication6
-
4.7 - Professionalism5
-
4.8 - Scripting Languages7
-
4.8 - Scripting Use Cases8
-
4.9 - Remote Access12
