Change Management is something that applies to just about every compliance standard out there. How do you handle it? Is detecting the change with LEM all you need to do to be compliant? Is there more that needs to be done? How do you as the security administrator know the change was rogue or legit?
These are questions we should all be asking ourselves as security admins. These are questions our auditors will eventually ask.
So how have you handled this?