Technical Implications of Changes

(OBJ 1.3)

Technical Implications of Changes

• Technical implications of proposed changes involve understanding and grasping potential impact of changes

• Allow Lists and Deny Lists

  • Allow List
    • Specifies entities permitted to access a resource
  • Deny List
    • Lists entities prevented from accessing a resource
  • Review both lists when proposing changes to prevent unintended access restrictions or grants
  • Essential for maintaining system functionality and security
  • Used by routers and firewalls to either allow or deny certain resources from being accessed.
  • Example:
    • Adding or removing an IP address can actually inadvertently grant or restrict access to certain critical services.
    • It is also important to conduct a firewall rules review to ensure that your existing tules will work on your new firewall and that they'll properly migrate into the new device as well.
    • Security will be compromised otherwise.

• Restricted Activities

  • Certain tasks labeled as 'restricted' due to their impact on system health or security
  • Verify proposed changes for any restricted activities
  • Prevent data breaches and operational disruptions by understanding restrictions

• Downtime

  • Any change, even minor, carries the risk of causing downtime
  • Estimate potential downtime and assess its negative effects against benefits
  • Schedule changes during maintenance windows to minimize impacts on end users

• Service and Application Restarts

  • Some changes, like installing security patches, require service or application restarts
  • Restarting critical services can be disruptive, potentially causing data loss or backlog
    • Data may be lost in transit and backlog may be created during associated downtime.
    • Measure the approximate time that your services will be back online
  • Consider the implications of restarts, especially for key servers

• Legacy Applications

  • Older software or systems still in use due to functionality and user needs
  • Legacy applications may still be robust or reliable but are less flexible and more sensitive to changes
    • Generally less supported than modern applications.
  • Minor updates can lead to malfunctions or crashes, so assess their compatibility.
  • It is important to understand which legacy applications may be existing inside of your environment and how they might be affected by a given proposed change.

• Dependencies

  • Interconnected systems create dependencies, where changes in one area affect others
  • Mapping dependencies is crucial before implementing changes
  • Prevents cascading effects, outages, or disruptions in various parts of your network