CISSP · Question #334
After following the processes defined within the change management plan, a super user has upgraded a device within an Information system. What step would be taken to ensure that the upgrade did NOT af
The correct answer is B. Conduct a security impact analysis. A security impact analysis is a process of assessing the potential effects of a change on the security posture of a system. It helps to identify and mitigate any security risks that may arise from the change, such as new vulnerabilities, configuration errors, or compliance issues
Question
After following the processes defined within the change management plan, a super user has upgraded a device within an Information system. What step would be taken to ensure that the upgrade did NOT affect the network security posture?
Options
- AConduct an Assessment and Authorization (A&A)
- BConduct a security impact analysis
- CReview the results of the most recent vulnerability scan
- DConduct a gap analysis with the baseline configuration
How the community answered
(23 responses)- A4% (1)
- B78% (18)
- C4% (1)
- D13% (3)
Explanation
A security impact analysis is a process of assessing the potential effects of a change on the security posture of a system. It helps to identify and mitigate any security risks that may arise from the change, such as new vulnerabilities, configuration errors, or compliance issues. A security impact analysis should be conducted after following the change management plan and before implementing the change in the production environment. Conducting an A&A, reviewing the results of a vulnerability scan, or conducting a gap analysis with the baseline configuration are also possible steps to ensure the security of a system, but they are not specific to the change management process.
Topics
Community Discussion
No community discussion yet for this question.