IT Change Management




             Risk Factors and Controls











                                          Patches tend to affect many
                                          critical system libraries and

                                          other software used by
                                          application programs.

                                          Failure to conduct a threat                                       Applications.                          Configuration.
                                          analysis or test and implement
                                          necessary patches can

                                          introduce new critical security
                                          vulnerabilities or reintroduce

                                          prior vulnerabilities.



                                                                                                              Vendors.                                Timelines.