Procedures: change mgmt, onboarding/offboarding, playbooks

5.1 Security governance

📘CompTIA Security+ (SY0-701)


In cybersecurity, procedures are detailed instructions on how to perform security-related tasks in a consistent, secure way. They support policies and standards by providing step-by-step guidance. For the exam, you need to know three main types of procedures: Change Management, Onboarding/Offboarding, and Playbooks.


1. Change Management

Definition:
Change management is the process of making sure all changes to IT systems (like software updates, new configurations, or hardware upgrades) are done in a controlled, documented, and approved way. Its goal is to prevent security risks, downtime, and errors.

Key Points for the Exam:

  • Why it’s important: Uncontrolled changes can create vulnerabilities, break systems, or accidentally expose data.
  • Components of Change Management:
    1. Request for Change (RFC): A formal document proposing the change.
    2. Approval process: Changes must be approved by managers or a Change Advisory Board (CAB) before implementation.
    3. Testing: Changes should be tested in a non-production environment to ensure they work safely.
    4. Implementation: Applying the change in a controlled and monitored way.
    5. Documentation: Record what was changed, who did it, and why.
    6. Review: Check after implementation to confirm the change worked and didn’t create new problems.

Example in IT:
Updating a server’s operating system version. The change is tested in a lab, approved by the IT manager, then implemented during off-hours to avoid disruption, and finally logged for future reference.

Exam Tip: Know that change management reduces risk and maintains system integrity.


2. Onboarding / Offboarding

Definition:
These procedures deal with adding new employees (onboarding) and removing departing employees (offboarding) in a secure way.

Onboarding:

  • Purpose: Give new employees access to systems, accounts, and resources while following security policies.
  • Steps:
    1. Create user accounts in Active Directory or other identity management systems.
    2. Assign appropriate permissions based on the employee’s role (principle of least privilege).
    3. Provide initial training on security policies and tools.
    4. Configure devices (laptops, phones) with proper security settings (antivirus, VPN, encryption).

Offboarding:

  • Purpose: Remove access and prevent unauthorized use after an employee leaves.
  • Steps:
    1. Disable user accounts promptly.
    2. Reclaim company devices (laptops, badges, tokens).
    3. Remove access to cloud services or third-party platforms.
    4. Archive or transfer any data the employee was responsible for.
    5. Conduct exit interviews if needed for policy compliance.

Example in IT:
When a network administrator leaves, their VPN account is immediately disabled, and the access keys to servers are changed to maintain security.

Exam Tip: Understand that onboarding ensures proper access, while offboarding prevents security breaches from former employees.
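The offboarding steps above, worked through in code. This is an added example and is not part of the original study notes: it runs against a constructed in-memory user record rather than a real directory, and the group names, asset tags and the mapping from privileged groups to shared secrets are assumptions made for the illustration. It disables the account and kills live sessions first, strips group and cloud access, lists devices to reclaim and data to archive, and, following the network-administrator example, flags every shared secret the leaver could have known for rotation, because disabling an account does nothing about a VPN pre-shared key or a root SSH key that the person still knows.

```python
"""Offboarding runner against a constructed, in-memory identity record.

Added example, not from the original study notes. All users, groups,
devices and secret names below are constructed sample data.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class User:
    username: str
    enabled: bool = True
    groups: set = field(default_factory=set)        # directory group memberships
    cloud_roles: set = field(default_factory=set)   # cloud / third-party roles
    devices: set = field(default_factory=set)       # asset tags issued to the user
    owned_data: set = field(default_factory=set)    # shares or mailboxes they own
    active_sessions: int = 0                        # live VPN / SSO sessions


# Assumed mapping: which shared secrets a member of each privileged group
# could know. Disabling the account does not un-know these, so they rotate.
SHARED_SECRETS_BY_GROUP = {
    "NetworkAdmins": {"vpn-psk", "core-switch-enable"},
    "ServerAdmins": {"root-ssh-key", "backup-encryption-key"},
}


@dataclass
class OffboardingResult:
    actions: list = field(default_factory=list)         # ordered audit trail
    secrets_to_rotate: set = field(default_factory=set)
    devices_to_reclaim: set = field(default_factory=set)
    data_archived_to: dict = field(default_factory=dict)


def _log(result: OffboardingResult, action: str) -> None:
    result.actions.append((datetime.now(timezone.utc).isoformat(), action))


def offboard(user: User, archive_owner: str) -> OffboardingResult:
    """Apply the offboarding steps to `user` and return the audit trail."""
    result = OffboardingResult()

    # Step 1: disable first, and drop live sessions, so nothing below races
    # with a login that is still valid.
    user.enabled = False
    user.active_sessions = 0
    _log(result, f"disabled account {user.username} and revoked sessions")

    # Capture shared secrets exposed by privileged membership before the
    # memberships are removed, otherwise the information is lost.
    for group in user.groups:
        result.secrets_to_rotate |= SHARED_SECRETS_BY_GROUP.get(group, set())
    for secret in sorted(result.secrets_to_rotate):
        _log(result, f"queued rotation of shared secret {secret}")

    # Step 3: remove directory groups and cloud / third-party access.
    for group in sorted(user.groups):
        _log(result, f"removed {user.username} from group {group}")
    user.groups.clear()
    for role in sorted(user.cloud_roles):
        _log(result, f"revoked cloud role {role}")
    user.cloud_roles.clear()

    # Step 2: devices are physical tasks; record them for the reclaim checklist.
    result.devices_to_reclaim = set(user.devices)
    for device in sorted(user.devices):
        _log(result, f"reclaim device {device}")

    # Step 4: transfer ownership of the leaver's data to an archive owner.
    for item in sorted(user.owned_data):
        result.data_archived_to[item] = archive_owner
        _log(result, f"transferred {item} to {archive_owner}")
    user.owned_data.clear()

    return result


def verify_no_access(user: User) -> bool:
    """Post-offboarding check: the account must hold no logical access at all."""
    return (not user.enabled and user.active_sessions == 0
            and not user.groups and not user.cloud_roles)


if __name__ == "__main__":
    # Constructed sample: a departing network administrator.
    leaver = User("jdoe", groups={"NetworkAdmins", "Staff"},
                  cloud_roles={"monitoring-viewer"},
                  devices={"LT-0042", "BADGE-17"},
                  owned_data={"fs1/projects/netdocs"}, active_sessions=2)
    outcome = offboard(leaver, archive_owner="it-archive")
    print("access fully removed:", verify_no_access(leaver))
    for stamp, action in outcome.actions:
        print(stamp, action)
```

The ordering is the point worth noticing: the account is disabled and sessions are dropped before anything else, the secrets check runs before group memberships are cleared, and `verify_no_access` gives the reviewer a single assertion that the logical side of the procedure is complete. Physical steps (devices) stay on a checklist rather than being silently marked done.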


3. Playbooks

Definition:
A playbook is a detailed, step-by-step guide for responding to specific security events or IT incidents. Playbooks make incident response faster, more consistent, and more effective.

Key Points for the Exam:

  • Purpose: Standardize responses to known events (like malware infection, phishing, or DDoS attacks).
  • Components:
    1. Trigger/Detection: What event starts the playbook (e.g., antivirus alerts, IDS detection).
    2. Step-by-step actions: Exact instructions for IT staff (e.g., isolate machine, run scan, notify team).
    3. Roles and responsibilities: Who does what (network admin, SOC analyst, manager).
    4. Tools to use: Security software, monitoring dashboards, or scripts.
    5. Documentation: Log all steps for auditing and lessons learned.

Example in IT:
A phishing email is reported. The playbook tells the security team to:

  1. Quarantine the email.
  2. Scan affected systems.
  3. Reset user passwords.
  4. Notify management.
  5. Document the incident.

Exam Tip: Know that playbooks help teams respond consistently, reduce mistakes, and maintain compliance.
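The playbook components above (trigger, ordered actions, roles, tools, documentation) expressed as a small runner. This is an added example, not code from the original study notes: the playbooks, alert formats and role names are constructed for the illustration. An alert is routed to the playbook whose trigger it matches, steps can only be completed in the playbook's order, every completed step is written to an audit log with the role and tool that performed it, and the incident cannot be closed while a step is outstanding.

```python
"""Playbook runner. Added example, not part of the original study notes.

Playbooks are data (trigger + ordered steps with a role and a tool each);
the runner enforces order and keeps the audit trail the text calls for.
All playbooks and alerts here are constructed samples.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Step:
    action: str
    role: str   # who does it
    tool: str   # what they use


@dataclass
class Playbook:
    name: str
    trigger: str   # alert type that starts this playbook
    steps: list


# Constructed playbooks; the phishing one mirrors the five steps in the notes.
PHISHING = Playbook("phishing-response", "phishing_report", [
    Step("Quarantine the email", "SOC analyst", "mail gateway"),
    Step("Scan affected systems", "SOC analyst", "EDR console"),
    Step("Reset user passwords", "identity admin", "identity provider"),
    Step("Notify management", "incident manager", "ticketing system"),
    Step("Document the incident", "SOC analyst", "case management"),
])
MALWARE = Playbook("malware-containment", "antivirus_alert", [
    Step("Isolate the machine from the network", "network admin", "NAC / switch"),
    Step("Run a full scan and collect artefacts", "SOC analyst", "EDR console"),
    Step("Notify the incident manager", "SOC analyst", "ticketing system"),
    Step("Document the incident", "SOC analyst", "case management"),
])
PLAYBOOKS = {p.trigger: p for p in (PHISHING, MALWARE)}


@dataclass
class Incident:
    alert: dict
    playbook: Playbook
    audit_log: list = field(default_factory=list)   # one entry per completed step
    closed: bool = False


def open_incident(alert: dict) -> Optional[Incident]:
    """Trigger/Detection: route the alert to the playbook its type matches."""
    playbook = PLAYBOOKS.get(alert.get("type"))
    return Incident(alert=alert, playbook=playbook) if playbook else None


def next_step(incident: Incident) -> Optional[Step]:
    """The first step not yet recorded in the audit log, or None when done."""
    done = len(incident.audit_log)
    steps = incident.playbook.steps
    return steps[done] if done < len(steps) else None


def complete_step(incident: Incident, performed_by: str, notes: str) -> Step:
    """Record the current step as done. Steps are taken strictly in order."""
    step = next_step(incident)
    if step is None:
        raise ValueError("all playbook steps are already complete")
    incident.audit_log.append({
        "step": step.action, "role": step.role, "tool": step.tool,
        "performed_by": performed_by, "notes": notes,
    })
    return step


def close_incident(incident: Incident) -> bool:
    """Closure is refused while any step, including documentation, is open."""
    if next_step(incident) is not None:
        return False
    incident.closed = True
    return True


if __name__ == "__main__":
    # Constructed alert: a user reports a suspicious email.
    inc = open_incident({"type": "phishing_report", "reporter": "jdoe",
                         "subject": "Invoice overdue"})
    while (step := next_step(inc)) is not None:
        complete_step(inc, performed_by="analyst1", notes="ok")
        print(f"[{step.role} via {step.tool}] {step.action}")
    print("closed:", close_incident(inc))
```

Keeping the playbook as data rather than code means a new event type is one more `Playbook` entry; the enforcement (ordering, logging, closure gate) is shared and does not have to be rewritten per playbook.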


Summary Table for Quick Exam Reference

Procedure          | Purpose                              | Key Steps / Components
Change Management  | Control IT changes to reduce risk    | RFC, approval, testing, implementation, documentation, review
Onboarding         | Securely add new employees           | Create accounts, assign permissions, train, configure devices
Offboarding        | Securely remove departing employees  | Disable accounts, reclaim devices, remove access, archive data
Playbooks          | Standardize response to incidents    | Detect event, follow step-by-step actions, assign roles, use tools, document

✅ Exam Tip Summary:

  • Change management = controlled IT updates.
  • Onboarding/offboarding = secure user access lifecycle.
  • Playbooks = step-by-step incident response guides.

All three procedures support security governance by making IT systems safer, more predictable, and compliant with organizational policies.

