"Process Integration Between Service Desk and the Security Team"
with Arnaud Boutoille and John Hersey
With the ever-increasing complexity of the regulatory and compliance minefield, organizations are struggling with these new challenges.
More business information assets are being accessed from different places (remote workers, wireless, PDA) and in different manners (customer self-help, order entry, etc.) than ever before. Suppliers and business partners have embedded their systems directly into other organizations (point-of-sale integrated into supplier systems for inventory and warehousing, products being sold through other storefronts, etc.).
The Challenge
Security is a cross-functional responsibility.
There are incidents that are obvious (theft of equipment, virus infections), but there are other classes of incidents that also have security implications:
A database corruption that requires recovery from backup re-enables previously suspended account access.
A network traffic analysis study commandeers a switch SPAN port, thereby disabling the IDS that was using the SPAN port to detect network attack signatures.
Service disruption on a server.
A sys admin disables or uninstalls host IDS or AV agent software.
A syslog server's backup fails. Compliance requires syslog storage for 180 days on-line and 7 years off-line. Audit discovers two years later that the logs have been overwritten and no evidence is available.
Security cannot be involved in every incident, but from an escalation perspective, how can the Service Desk reach the resources it needs for complete incident handling?
Process integration between Service Desk and the security
team is mandatory.
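The first scenario above, a restore that silently re-enables accounts the service desk had suspended, is the kind of post-restore check an integrated process can assign to the service desk before the system is handed back. The following Python is an added example, not material from the presentation; it assumes a hypothetical suspension ledger kept in the ticketing system (outside the restored database), and all account names, tickets and timestamps are constructed.

```python
from datetime import datetime


def parse_ts(s):
    """Parse an ISO-8601 UTC timestamp written with a trailing 'Z'."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


# Constructed sample data (hypothetical users and ticket ids): the service desk's
# suspension ledger lives in the ticketing system, so it survives the DB restore.
SUSPENSION_LEDGER = [
    {"user": "jsmith", "suspended_at": "2024-03-01T09:00:00Z", "ticket": "SD-1001"},
    {"user": "pdavis", "suspended_at": "2024-02-20T11:00:00Z", "ticket": "SD-0987"},
    {"user": "mlee", "suspended_at": "2024-03-05T14:30:00Z", "ticket": "SD-1042"},
    {"user": "contractor7", "suspended_at": "2024-03-06T08:00:00Z", "ticket": "SD-1050"},
    {"user": "tmp_vendor", "suspended_at": "2024-03-06T10:00:00Z", "ticket": "SD-1051"},
]

# Constructed: the account table as it reads right after the restore.
RESTORED_ACCOUNTS = {
    "jsmith": {"enabled": False},
    "pdavis": {"enabled": True},
    "mlee": {"enabled": True},
    "contractor7": {"enabled": True},
}
BACKUP_TAKEN_AT = "2024-03-04T02:00:00Z"


def reconcile_suspensions(restored, ledger, backup_taken_at):
    """Classify each ledger entry against the restored account table."""
    cutoff = parse_ts(backup_taken_at)
    report = {"reapply": [], "consistent": [], "escalate": [], "missing": []}
    for entry in ledger:
        user = entry["user"]
        acct = restored.get(user)
        if acct is None:
            # Not in the backup at all: created after it was taken, or deleted.
            report["missing"].append(user)
        elif not acct["enabled"]:
            report["consistent"].append(user)
        elif parse_ts(entry["suspended_at"]) > cutoff:
            # Suspended after the backup: the restore silently re-enabled it.
            report["reapply"].append(user)
        else:
            # Suspended before the backup yet enabled in it: the backup disagrees
            # with the ticket record, so this one goes to the security team.
            report["escalate"].append(user)
    return report


def reapply_suspensions(restored, report):
    """Disable the accounts the restore re-enabled; return the list changed."""
    for user in report["reapply"]:
        restored[user]["enabled"] = False
    return sorted(report["reapply"])
```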
The Objective
To present the common model and branch out into some scenarios (such as those listed above) of how this issue can be resolved within the small organization, large organizations with in-sourced services, and those businesses with outsourced IT.