This chapter is from the book

Security Management

This process aims to assure IT security by granting and enforcing the appropriate level of access to applications and data for internal and external personnel. It does so through day-to-day administration of security policies and through a consistent security policy across all enterprise resources.

Tasks

  • Provide new user-ID password for customers
  • Reset passwords as required
  • Use automation to perform monitoring/administration tasks
  • Develop processes to improve security management processes

Skills

  • Understanding of all operational processes that deliver services and process interaction points
  • Expertise in service-level reporting tools
  • Knowledge of customer applications/systems
  • Understanding of cost/performance trade-offs
  • Ability to communicate well
  • Knowledge of security technologies and products

Staffing

  • Security administrator
  • Security policy manager

Automation Technology

  • General network and systems management (NSM) tools for monitoring (that is, availability management)
  • Reporting add-ons to general NSM tools
  • Firewall and virtual private network products for perimeter defense; intrusion detection products for defense within perimeter
  • Single sign-on and Kerberos products for efficient and secure use of password authentication

Best Practices

  • Use of single sign-on technologies to streamline user access while maintaining security
  • Use of Kerberos-style tokens to avoid transmitting passwords over insecure networks
  • Use of intrusion detection technologies within the boundaries of the enterprise
  • Service levels coupled to externalized metrics
  • End-to-end objectives reflecting business perception

Metrics

  • Number of security breaches/time
  • Cost of security breaches/time
  • Level of customer satisfaction (survey feedback)
  • Cost of administering/number of service-level agreements (and customers)
  • Service availability
  • Service performance
  • Service quality (QOS)

Process Integration

  • Most processes

Futures

  • End-to-end perspective
  • End-user perspective
  • Consolidated reporting
  • Feedback of service metrics to control management policy
  • "What if" analysis of suggested service-level agreements in relation to cost
  • Stronger tie-in of cost/service trade-offs

