(ISC)2 Certified in Cybersecurity Practice Exam


Prepare for the (ISC)2 Certified in Cybersecurity Exam with comprehensive quizzes and extensive question banks. Enhance your skills with detailed explanations and practice tests designed to improve your expertise for the certification exam. Get exam-ready now!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



Which policy covers the documentation, approval, and rollback of technology changes?

  1. Cybersecurity Policies

  2. Change Management Policies

  3. Incident Response Policies

  4. Access Control Policies

The correct answer is: Change Management Policies

Change Management Policies is the correct answer because these policies specifically address the processes required for managing technology changes within an organization. This includes the documentation necessary to track each change, the approval processes that ensure changes are validated and authorized before implementation, and the rollback procedures that revert systems to their previous state if a change leads to unexpected issues or failures. Change management is pivotal in minimizing disruption to services and in ensuring that changes do not adversely affect the security, performance, or stability of the technology infrastructure. By formalizing these processes, organizations can better control the lifecycle of changes, manage associated risks, and maintain operational integrity.

In contrast, cybersecurity policies encompass broader guidelines for protecting information systems and do not specifically focus on the detailed processes related to technology changes. Incident response policies are designed to handle security incidents and outline the procedure to follow during such events, which is distinct from managing regular changes to technology. Access control policies pertain to who can access specific systems and data, focusing on user permissions and authentication rather than the procedural details of implementing or rolling back changes in technology.