Discovery actions Remedial actions Goals (expected improvements)
Document the client’s expectations and set
measurable goals. Use R.A.C.I. to name who
should be involved with achieving each goal.
Document relevant past events and propose
actions to prevent repeats.
Inventory and evaluate existing Info
Sec/Cyber Security-related hardware &
software configuration items, policy, vendor
performance, etc.
Perform requirements gathering.
Report on ITSM, Info Sec and ITIL
compliance documenting performance gaps
with proposed remedies mentioned briefly.*
Reach agreement on which systems and
networks are critical and which are
non-critical.*
Determine any additional needs the client has
not mentioned and prepare
recommendations.* (e.g., How will
information documented previously be used
for business continuity planning?)
Determine if enough improvements can be
made realistically considering the client’s
resources, culture & executive leadership.
Negotiate MSP agreement with a schedule of remedial
actions or terminate the relationship now.
Develop a short-term win/win agreement or
separation as friends.
Test security solutions identified earlier in
this process. Report results with
recommendations.*
Create a series of communications to be sent
from the owner or execs communicating how
and why security is more important, to be
given more attention, and how compliance
will be measured and reported after IT audit
plans are documented and participants are
invited.*
Design and deploy security-related alerts
triggered according to best ITSM practices.
Implement the security-related management
reports plan and schedule reflecting best
ITSM practices.
Plan and develop timelines for IT security
audits, incident management actions, and
disaster recovery efforts.*
Design and run proof-of-concept tests for
identified advanced security solutions. Report
results and make recommendations.*
* Document the client’s response to each of these communications.
The at-a-glance summary outlined above should incorporate best practices and tools tailored to fit the needs documented during this
process. Tools should be used for business continuity planning, security policy, risk analysis, network security, biometrics, etc. Best
practices should address the following needs:
a. Understanding begins with the definition of terms.
- How should objectives and scope of ITSM be defined?
- How should roles of the Service Desk and other resources be defined?
- How should reliance upon these definitions be reinforced?
b. Executives and middle management teams must communicate, monitor and support what is planned, purchased and promoted.
- Who will be responsible for which communications?
- Who will be responsible for monitoring progress?
- How will responsible persons be required to succeed?
c. Plan how the objectives of the Service Desk and other groups will be monitored and achieved using the R.A.C.I. model.
- Who will be responsible for ______________?
- Who is to be accountable for _______________?
- Who is to be consulted about _______________?
- Who is to be informed of ________________?
d. A formal service management model must be documented with illustrations and explanations and communicated thoroughly.
- What components should be included?
- What workflows are expected?
- Can the model be patented or protected as a trade secret?
e. Document and distribute processes, procedures, etc. so everyone can sing from the same sheet of music.
- What hierarchy of processes, procedures, etc. should be developed?
- What should be included in a style guide for this business venture?
- Who are the SMEs and SPOCs to be contributors?
- What configuration items should be referenced in the documentation?
f. Tailor work processes and systems to make sure they support your ITSM goals with the right tools and talent.
- How should initial documentation be drafted to reflect what is anticipated?
- How should what is drafted be improved to reflect reality?
- Is what is documented expected to reflect the one best way to do each type of work?
g. Define, document and deploy monitoring metrics in ways measurements will be trended over time and used to evaluate
performance objectively.
- How will the top 10 call drivers be recognized? How should they be remedied?
- How should they be prevented?
- How will the 20% of the problems causing 80% of the costs be remedied?
h. Negotiate and document roles and responsibilities for all staff using the R.A.C.I. determinations noted above.
- What are people to account for?
- How will performance be measured daily, trended over time and reported?
- How will responsible parties be held accountable?
i. Discover, document and deliver a realistic, relevant and robust knowledge base.
- How will users be trained to use it?
- How will staff be required to use it?
- How will users be required to improve it?
j. Define, document and deploy reporting standards.
- How should the standards reflect meaningful milestones?
- What key performance indicators (KPIs) should be measured and trended?
- What vendor or programmer can provide a dashboard for at-a-glance viewing? Can it be shared by all decision makers?
k. Define, document and deploy role-based cybersecurity policy.
- What are our minimum cybersecurity requirements?
- What measures and equipment should be put in place?
- How should cybersecurity be monitored daily and trended over time?
- How can funding for needed improvements be justified objectively?
l. Investment in people is critical to the successful adoption and ongoing success of IT services, support, and sustainability;
communication, training and evaluation are three types of investment which are often neglected.
- How should the above information and related decisions be incorporated in trainings to facilitate a learning organization with
sustaining values?
- What should be done before, during and after hirings or transfers to facilitate effective and efficient learning?
