Professional Documents
Culture Documents
Welcome To People, Process and Operating System Fundamentals For Cybersecurity
Welcome To People, Process and Operating System Fundamentals For Cybersecurity
since every incident is different from day to day. Motivation, since analysts are the initiators have
the solution to problems. In this class, you will hear from several subject
fundamentals of security is essential to the cybersecurity analysts day-to-day duties. Hi. I'm Luke Fuca, a
course developer for
IBM's Data Security portfolio. I'll be with you
to be successful as a junior
cybersecurity analyst. You'll be taught by IBMs cybersecurity experts who will take you through modules
these session is frameworks, and there's four purposes. We're going to talk
normative and compliance. So in the organization, we will have a lot of things. We'll have, for example,
best practices, we will have a baseline, or we will have framework. A good example of
your business is ITIL. So those are good things, good controls that will improve, enhance your IT
governance, your IT processes, your IT
policies, your IP procedures. Those frameworks, those baseline, those best practices will improve the
performance
of your servers. For example if you go and grab the best practices
for Microsoft regarding the hardening of their database server
Microsoft SQL Server. But that best practice, that framework is not something that you
of good practices, you will a lot of controls, you will have a lot
of good things. But if you don't have it, that's something that will not necessarily
harm your business. If you don't have guidelines from Microsoft to implement
the servers, if you don't have the guidelines from the Cisco to implement
your IT governance your company, you will lose your business. You will be part of any problem with your
regulator or
with your government. In the other corner, we have normative and compliance. The difference here is
you
need to implement normative, you need to have compliance if your business require that. So for
example, there is
your healthcare company, you could have COBIT, you can have a lot
in your systems. But if you don't meet, if you don't comply with HIPAA, if you missed
operate in United States. You will have penalties from the US government because you are not
complying with HIPAA. So that's the main difference between baselines framework
with technology and we could mention out I've actually already mentioned
a couple of those. We could mentioned COBIT, we can mention ITIL, ISOs. On cybersecurity, we
have ISO 7000 series. We have COSO. We have the PMI, the Project Management Institute with a lot of
project
that you could follow on your software in your systems to avoid any security incidence, any incidence
that will harm or will destroy your software.
Roles in security
will learn to describe the various roles typical to a Cybersecurity organization. Roles in information
security. Even though this is not
information security areas. These are very common roles that you can find in
to make sure that there's a head and someone in charge of the Information
the blue team for instance. We also have the SEM engineer, the person who is familiar with different
SEM technologies. So all of these roles
and standards. To mention a few of the roles, we have the chief information
security officer. As mentioned before, this is a high level management position. This is the head of the
role that in the past was not very common, but it is now very common to see this specific position or this
specific role
are collected by a SEM, like I don't know, maybe [inaudible] for instance, be able to understand and
investigate alerts from
this specific SEM platforms, or any alarms related to any health check
to the SEM, an information security analyst should be able to go to the SEM, get the alert,
at least the best practices defined in those revelations, and that organizations are
as protected as possible.
Introduction to Process
Security Operations Center. Hi, welcome to the training on business process management
analyst at IBM Corporation. Today I'd like to provide some insight and training
our everyday lives. We are engaging in processes personally and professionally. An example might be
what
off the process, and internally what I'm not seeing as the customer
wasn't reported stolen. So it's got a validation process, these are steps it
my little card pops out, and the final step in the process it spits out a little receipt that
the cyber attacks and alerts are increasing. The complexity of managing this environment is increasing.
The attacks are ongoing and nonstop on our IT
and the tools, that we will use as IT professionals all need to work in harmony with each
and stop threats. With an IBM, we call them Security Operations Centers,
SOCs, for short. In the SOCs, it's imperative we have the right skills a staffing. We have the right tool
any issues that arise. So skills, tool, sets, and processes, So people, tools, and process is
define a process and its attributes, described standard process roles, explain
what makes a process successful and describe process performance metrics. >> I wanted to take us
through
definitions of a process depending on the author or the source. And I should say some may call it BPM,
ITIL, CPI, different names, but underneath, it should have the common
as you can see in the chart here. Add some value, there's some processing, there some knowledge
applied,
every process should have inputs. That is, some information, some data or even raw materials that come
in to
the process that are used by the process, and many times are a way
to kick off the process. In my simple example, it was me putting my debit card in
the ATM machine, that was the input. Every process should have a start and
it should have a front and a back, it begins here, it starts here. We do these tasks and it ends here. They
can't just go on and for
an item, we got to have a bound. So inputs, outputs, start, stop, tasks, steps, some column, actions,
perform, it's the doing part of a process,
I don't have listed on the chart but documentation is critical in what we do. We do have to have our
common understanding of how it works, for auditing purposes, for compliance. And in my experience at
IBM,
I've always liked to use kind of a three fold approach to documentation versus
a high level a one page very high level. Here's where it starts,
here's where it ends, and here's a couple of boxes that shows what
will have its own lane, and we list a task on the hand
off between the lanes. Let's call this swim lane. And that describes
or the desk procedure. This is how I complete task a, b, and c. This is what I signed into and
the what and low level, the how. Now, this is certainly very high level,
but each process unless it's fully automated. And all system generated like
no people involved other than myself. But you could have a supplier that's
providing something to the process team. You could ever requestor, that is
that oversees a group of folks that are executing the process. And is there to lend support,
steps in the process. And more often than not, you have
before you can proceed in the process. So you need an approval and a reviewer. A reviewer might be
a quality assurance person. The one critical item to know for any role
of those duties. So what makes a process successful? And there's certainly more than six. But a charter,
it's kind of like the menu, it describes what the process
is in place to do. Why does it exist? What are the goals of the process? Who are the stakeholders in the
process? It can be from 1 page to 30 pages,
I've seen very long ones with charter. But it basically just if anyone
comes along and says, what? I don't understand what this process does,
what it's for. Here, read the charter. Process should also have very clear
suggest a process owner that is not a doer in the process, rather they have accountability for
the accountable person, it could be a manager or non manager. But just someone that is assigned the
every time, we don't want them to vary. If we're producing breaks for
a car, we want them to be the same every time they come off
the assembly line, and variation is bad. So if our steps in the process
could affect that output, and we don't want that. Automation is important too,
because if we can reduce manual keystrokes which are prone to finger error,
it'll save time and money as well. And then lastly, but not all
inclusive is performance indicators, tangible metrics that we collect. We look at as a team monthly,
quarterly to say, how's our process doing? I want to give just a very
simplistic example of how it's important to reduce variability. If we look at just a fictitious company,
or in our manufacturing, that makes rivets that go into the assembling
where there has been breakage, catastrophic failure of some of the skins
they're interpreting, what are the metrics telling us? They're trending amount, they're looking
at comparison of two different things. For example, process costs. The cost to produce is
that looks great, that's a good thing, class are going down. But if we take into
at 30,000 feet in the air. So just just a very simple example of how
that that rivet is the same quality, high quality every time
I'm sure there are many more and many other types might fit
the timing of an event, a series of steps, or end-to-end process. My process starts here, the clock starts.
Two days later, it ends,
from another role, and I had a wait on average 24 hours. So we want to measure delays,
put the clock on it. We also want to measure quality. Input quality,
we get inputs from a source. It's good to check them. Someone provides pricing
prices are right before we get too far down into our process. So it's good to measure inputs, the quality
of those the quality of our
just meaning within the tests that we're performing, measure the quality. A lot of companies do
sampling too,
are the costs of delays of the effects of overtime for the staff having
which I just simply see a do overs. I got from step a to p and I've all
to step d and start over. So I've got all that waste of time of
my time, maybe system operation time. Maybe I need new materials and
we want to measure it then find out why. There is rework. And then go upstream and
refer to a lot as CPI is critical. It's just the ongoing cycle of always
reviewing your process performance matrix, what are your customers
which are predeveloped checklist, questions that you can self administer, that will give you a score
a year and here's how I get there. And then financial performance, small improvement teams
are critical too because. I always think the smaller the better if
you've got the right key individuals and SMEs, to get together from
ITIL overview
just a very high level of ITIL and their life cycle. This is not an IBM
a best practice, like I said, framework and I've seen it used across many different
it, it's a guideline. It describes, really, how we as an IT organization need to better organize and provide
up with life cycle phases, which I thought was really great. It's a very logical
progression, if you will. For instance, service strategy. I'm in the IT organization
going to support them, and what am I going to provide? It's really taking,
them as my customer. Within service strategy, ITIL has developed a number of subprocesses like
more than I've listed, but this will give you a flavor of what they are suggesting. Service portfolio
management is, really, how are we going to manage the service portfolio,
of thing we'll throw into our service portfolio. Financial management is, really, how we're going to
budget, do our accounting etc to reach our strategy goals as an IT group, security group. Demand
Management is
management is, how are we going to maintain a positive relationship with our internal customers
action on what they say? So that was service strategy. That was the very first. Many of our
organizations, as yours, we probably have IT processes in place and we're not necessarily developing
might be ways you can improve and refine your strategy. The next phase or cycle
information of all the services that we provide. The help desk, for example, might be in that service
catalog. Service level management. Sometimes you might
between you and your customers on the levels of performance, setting targets. We're going to complete
that objective. Information security management. This is, just really, ensuring the
the organization's information. It's the data in the IT services. Supplier management. This is ensuring
that we have contracts with
existing, or new. We're transitioning them from current state to a steady-state. So things like change
management, which we're all familiar with, the control of life-cycle
of all changes. That is under service transition. It's a process for ensuring we do changes with a quality
aspect. It's project management, projects that coordinate
are outages because we put a change in and no one in the business units
deployed releases and the resulting services that they all meet customer expectations, whether internal
or external. The last one I have listed, and there are other subprocesses
is important. This is where we seek together, analyze and store knowledge learned and information that
can be shared across
service operations. I call this one steady-state, because we've gone from
those type of things. Just a couple of the processes under service ops that
I've listed here. Event management is a key, that's making sure that
constantly monitored, its categorizing advance and then taking appropriate actions. Incident
management, this is managing the life cycle
likewise to managing the life cycle of all problems. Really, the goal of service ops
is to make sure that our IT services that
process discussion comes in, where reduce of variation by having standardized repeatable
IBM for many years, is continual service improvement. Where it's just as it says, it's like we discussed
before. We're continually
we think it should be, we're trying to reduce the gaps, we're testing and prioritizing, we select what we
think is the best opportunity to
improve, and then we implement. So it's a continuous wheel. It's always trying to
Information Security Management. The last section I wanted to just drill down a little bit more into some
of the processes that I talked about
resources available, you can Google and find wikis that really go into a deep depth on all the
one or more incidents. Problem management really aims to resolve not just the one
the root cause of incidence, so we can minimize this happening again or the impact of
across the ITIL lifecycle. Those five phases. It's aiming to ensure that standardized methods
and procedures are used for effectively making changes. It could be changes to
change management include; identification of the change, planning the change, assessing
the impact of the change, and then getting approvals or scheduling those type of things
something differently, those type of things. Then a closure. Again, this is all documented in much more
detail by ITIL
that you can find on online. Incident management, we talked about this briefly earlier, but this is aimed
at restoring normal service apps as quickly as possible and minimizing adverse effect on
incident management lifecycle, would be to log it, assign it to someone that is going
categorize an incident. ITIL has its perspective. Prioritize resolve and then
functioning correctly. The vance are any detectable or discernable occurrence that has significance for
monitoring function is key as well for checking. Service level management. This involves planning,
earlier how we will have, we should have SLAs with our internal customers
maintaining ISPs and specific policies that address each aspect of strategy,