Info_Sec&Cyber_Security_Intervention-v1


  1. Discovery actions / Remedial actions / Goals (expected improvements)
     - Document the client’s expectations and set measurable goals.
     - Use R.A.C.I. to name who should be involved with achieving each goal.
     - Document relevant past events and propose actions to prevent repeats.
     - Inventory and evaluate existing Info Sec/Cyber Security-related hardware & software configuration items, policy, vendor performance, etc.
     - Perform requirements gathering.
     - Report on ITSM, Info Sec and ITIL compliance documenting performance gaps with proposed remedies mentioned briefly.*
     - Reach agreement on which systems and networks are critical and which are non-critical.*
     - Determine any additional needs the client has not mentioned and prepare recommendations.* (e.g., How will information documented previously be used for business continuity planning?)
     - Determine if enough improvements can be made realistically considering the client’s resources, culture & executive leadership.
     - Negotiate MSP agreement with a schedule of remedial actions or terminate the relationship now.
     - Develop a short-term win/win agreement or separation as friends.
     - Test security solutions identified earlier in this process. Report results with recommendations.*
     - Create a series of communications to be sent from the owner or execs communicating how and why security is more important, to be given more attention, and how compliance will be measured and reported after IT audit plans are documented and participants are invited.*
     - Design and deploy security-related alerts triggered according to best ITSM practices.
     - Implement the security-related management reports plan and schedule reflecting best ITSM practices.
     - Plan and develop timelines for IT security audits, incident management actions, and disaster recovery efforts.*
     - Design and run proof-of-concept tests for identified advanced security solutions. Report results and make recommendations.*
  2. * Document the client’s response to each of these communications.

     The at-a-glance summary outlined above should incorporate best practices and tools tailored to fit the needs documented during this process. Tools should be used for business continuity planning, security policy, risk analysis, network security, biometrics, etc. Best practices should address the following needs:

     a. Understanding begins with the definition of terms.
        - How should objectives and scope of ITSM be defined?
        - How should roles of the Service Desk and other resources be defined?
        - How should reliance upon these definitions be reinforced?
     b. Executives and middle management teams must communicate, monitor and support what is planned, purchased and promoted.
        - Who will be responsible for which communications?
        - Who will be responsible for monitoring progress?
        - How will responsible persons be required to succeed?
     c. Plan how the objectives of the Service Desk and other groups will be monitored and achieved using the R.A.C.I. model.
        - Who will be responsible for ______________?
        - Who is to be accountable for _______________?
        - Who is to be consulted about _______________?
        - Who is to be informed of ________________?
     d. A formal service management model must be documented with illustrations and explanations and communicated thoroughly.
        - What components should be included?
        - What workflows are expected?
        - Can the model be patented or protected as a trade secret?
     e. Document and distribute processes, procedures, etc. so everyone can sing from the same sheet of music.
        - What hierarchy of processes, procedures, etc. should be developed?
        - What should be included in a style guide for this business venture?
        - Who are the SMEs and SPOCs to be contributors?
        - What configuration items should be referenced in the documentation?
     f. Tailor work processes and systems to make sure they support your ITSM goals with the right tools and talent.
        - How should initial documentation be drafted to reflect what is anticipated?
        - How should what is drafted be improved to reflect reality?
        - Is what is documented expected to reflect the one best way to do each type of work?
     g. Define, document and deploy monitoring metrics in ways measurements will be trended over time and used to evaluate performance objectively.
        - How will the top 10 call drivers be recognized? How should they be remedied?
        - How should they be prevented?
        - How will the 20% of the problems causing 80% of the costs be remedied?
  3. h. Negotiate and document roles and responsibilities for all staff using the R.A.C.I. determinations noted above.
        - What are people to account for?
        - How will performance be measured daily, trended over time and reported?
        - How will responsible parties be held accountable?
     i. Discover, document and deliver a realistic, relevant and robust knowledge base.
        - How will users be trained to use it?
        - How will staff be required to use it?
        - How will users be required to improve it?
     j. Define, document and deploy reporting standards.
        - How should the standards reflect meaningful milestones?
        - What key performance indicators (KPIs) should be measured and trended?
        - What vendor or programmer can provide a dashboard for at-a-glance viewing? Can it be shared by all decision makers?
     k. Define, document and deploy role-based cybersecurity policy.
        - What are our minimum cybersecurity requirements?
        - What measures and equipment should be put in place?
        - How should cybersecurity be monitored daily and trended over time?
        - How can funding for needed improvements be justified objectively?
     l. Investment in people is critical to the successful adoption and ongoing success of IT services, support, and sustainability; communication, training and evaluation are three types of investment which are often neglected.
        - How should the above information and related decisions be incorporated in trainings to facilitate a learning organization with sustaining values?
        - What should be done before, during and after hirings or transfers to facilitate effective and efficient learning?
