SMB270: Security Essentials for ITSM
•
1 gefällt mir•171 views
SMB270: Security Essentials for ITSM Ian Aitchison Alan Taylor
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Ähnlich wie SMB270: Security Essentials for ITSM
Ähnlich wie SMB270: Security Essentials for ITSM (20)
Mehr von Ivanti
Mehr von Ivanti (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
SMB270: Security Essentials for ITSM
- 3. SMB270 Security Essentials for ITSM Ian Aitchison, Sr Product Director Alan Taylor, Director Sales Engineering
- 4. Security Essentials for ITSM Closing the Gap Between Security and IT Operations Continually maintaining a secure IT environment requires proactive best practice security activities to ensure ongoing security. In addition, cybersecurity attacks are on the rise, resulting in high-impact breaches that demand responses. ITSM can play a part in detecting and responding appropriately to breaches or threats. From security incident management to coordination and communication with the security team, learn how to identify impacts, reduce risks, and deliver security controls and improvements while still maintaining end-user productivity.
- 5. Chaos Reactive Proactive Optimized Everybody Wants (or should want) to get from Reactive to Proactive
- 6. Prevention is Better than Cure Chaos FIRE HAZARD Reactive USE TOOLS TO PREVENT, DETECT, REACT Proactive DO IT PROPERLY Tools monitor and adjust in the way you need to avoid needing cure
- 7. Guidance on how to use tools to do the job is Better
- 8. A maturity model of maturity models! How mature are different IT functions Ian Opinion Chaos Reactive Proactive Optimized Security ITSM ITIL ITAM IAITAM BPL DevOps
- 9. Because IT Security is about more than just Detect, Prevent and Correct
- 11. Security and ITSM? Yeah that’s just all SIM, right? Secure Incident Management?
- 12. Why SIM is NOT ENOUGH Computer security incident management is a specialized form of incident management, the primary purpose of which is the development of a well understood and predictable response to damaging events and computer intrusions. Incident management requires a process and a response team which follows this process.
- 13. ITIL 2011 activities and processes Service Strategy Continual Service Improvement Service Operations Service Transition Service Design Financial Management Demand Management Strategy Operations Service Portfolio Management Service Level Management Availability Management Capacity Management Continuity Management Information Security Management Service Catalog Management Supplier Management Change Management Service Asset Config Mgmt Release & Deploy Management Transition Support and Planning Service Validation and Testing Evaluation Knowledge Management Service Desk Incident Management Problem Management Access Management Event Management Request Fulfillment Process Improvement Tech Mgmnt App Mgmnt IT Ops Mgmnt Key Process Function WHERE’S SECURITY? EVERYWHERE!! SIM
- 14. Security is in ITIL These are the Information Security Management sub-processes and their process objectives: Design of Security Controls Process Objective: To design appropriate technical and organizational measures in order to ensure the confidentiality, integrity, security and availability of an organization's assets, information, data and services. Security Testing Process Objective: To make sure that all security mechanisms are subject to regular testing. Management of Security Incidents Process Objective: To detect and fight attacks and intrusions, and to minimize the damage incurred by security breaches. Security Review Process Objective: To review if security measures and procedures are still in line with risk perceptions from the business side, and to verify if those measures and procedures are regularly maintained and tested.
- 15. Get Over IT Yeah but…. Security Controls Security Incidents Security Testing Security Review Security Changes Security Improvement
- 16. ITIL GETS IT WRONG Data security over IT security (doesn’t worry about hacks, firewall gaps, virus, ransomware etc). Just cares about ‘is the data in a secure position’ or not Does not specify technical components required in place (patch, whitelist, blacklist, threat detection etc etc)
- 17. Security is not just Something We Do Security is also How We Do Everything We Do
- 18. ITIL 2011 activities and processes Service Strategy Continual Service Improvement Service Operations Service Transition Service Design Financial Management Demand Management Strategy Operations Service Portfolio Management Service Level Management Availability Management Capacity Management Continuity Management Information Security Management Service Catalog Management Supplier Management Change Management Service Asset Config Mgmt Release & Deploy Management Transition Support and Planning Service Validation and Testing Evaluation Knowledge Management Service Desk Incident Management Problem Management Access Management Event Management Request Fulfillment Process Improvement Tech Mgmnt App Mgmnt IT Ops Mgmnt Key Process Function WHERE’S SECURITY? EVERYWHERE!!
- 20. Warren Buffett
- 22. 1.4.5 A definition of cyber resilience Good cyber resilience is a complete, collaborative approach driven by the board but involving everyone in the organization and extending to the supply chain, partners and customers. To balance the cyber risks faced by the business against the opportunities and competitive advantages it can gain, effective cyber resilience requires an enterprise-wide risk-based strategy that proactively manages the vulnerabilities, threats, risks and impacts on its critical information and supporting assets. It also involves moving away from strategies that seek solely to prevent attacks on assets to ones that include preparing for, and recovering from, a cyber-attack.
- 23. Resilia The critical elements of effective cyber resilience include: ●● Clear board-level ownership and responsibility for cyber resilience ●● The adoption of tailored learning and development for all staff. This in turn will establish: ●● A clear understanding of what the organization’s critical assets are, especially with regard to information ●● A clear view of the organization’s key threats and vulnerabilities arising from their environment, including that of their customers, partners and supply chain ●● The adoption of a common language used by all stakeholders in the organization ●● An assessment of the organization’s cyber resilience maturity and design of appropriate, prioritized and proportionate plans using best-practice guidance ●● An appropriate balance of controls to prevent, detect and correct.
- 24. Tools Are Good
- 26. ITSM Security Automatically receive detected alerts from monitoring tools. Create ITSM ‘event’ processes with automated response and corrective actions. Follows ITSM Event Mgnt guidelines. May link to Incident Management eg, new virus detected in 25% of machines, do we want to do something? Event Management
- 27. ITSM Security Security Incident : creation and predefined response, escalation and resolution processes from within service desk, from email, from self service, from voice etc. Aligns with ITSM best practice incident management. May create Major Incident. eg “I have a virus error message”, “Is this a phishing email?” Incident Management
- 28. ITSM Security Predefined Major Incident workflow – notification, escalation, communication, automation. Significant business impact from current security event Major Incident Management
- 29. ITSM Security Business response to Breach (Press, WebSite, Internal Comms) May be linked to Major Incident. “We’ve been hacked!” Major Breach Response
- 30. ITSM Security Planned, scheduled security assessment exercise – internal or external, includes assignment and completion of corrective actions. Vulnerability assessments, pen tests. Security Assessment
- 31. ITSM Security Self Service and Knowledge published guidelines, recommendations and advice to business users. Security personal assessment and user training tracking. “access your security awareness documentation and training here” Business Education
- 32. ITSM Security Reports and Evidence data captured automatically to ensure compliance with GRC requirements and standards. PCI, HIPAA etc Governance and Compliance
- 33. ITSM Security Latest alerts, news, best practice, advice, warning from the broader industry into searchable security knowledge base Security Knowledge
- 34. ITSM Security Predefined scorecards and dashboards for industry security frameworks, plus complete business security posture Standard Scorecards and Dashboards
- 36. Metrics Source : cyber resilience and ITSM, Alexos
- 37. Learn More ▪Resilia ▪ISO/IEC 27001 ▪NIST ▪ITIL ▪ISO/IEC 20000 Source : cyber resilience and ITSM, Alexos
- 38. Demo time
- 39. Demo Time 1 - Event Management = Automatic Security Alert/Incident from external monitoring tools 2 - Breach Reaction = controlled response sequence to major security breach 3 - Dashboard - all types of security activity in one place ALAN - what can you do here?
- 40. Security in ITSM, also consider ▪ User record – has been security trained ▪ Change and Release – Security risk assess, security change approve ▪ Knowledge – article types ‘security’ for IT and the Business ▪ Self Service – EndUser security status, security news, security assessments ▪ Service improvement – better secure posture is improvement too! ▪ Resolution cause – security issue? ▪ Problem Management – root cause. Eliminate future security incidents ▪ Also – is your ITSM tool secure? Often public facing, what security, password, auditing in place?