Service Management

Information Security with a 5 capability model

Lisa Martinez

on 22 March 2013


Transcript of Service Management

Business Strategy and Design
Conclusion
Thank you for your attention!
Design for the rule in a discreet manner
And one more thing...
If we have so many types of people making decisions that influence business management systems...
Diverse audience with different responsibility
Service Management - Financial and Quality Audit
Of course they do.
Problem
Design and Develop
Things change
Quantified maturity models promoted by industry leaders promote the lowest level of association often removing any visible connection between controls and the technical delivery.
Business People are unable to describe or explain IT Changes and different ways technology reaches their process and user base.
The only option we can consider would be discreet insertion of the rule and exclusions managed through effective change management.
Without anyone having the visibility or ability to translate the languages across functional or technical delivery types...
We must respond with precise and effective solutions with minimal disruption.
We need to adopt to service management delivery - ITIL, Prince and PMP processes are all aligned to model.
We need to understand and control the 5 capabilities influencing the information which must be secure.
A business service acquires one type from the two user types in operational and information security groups.

A distinguishing way of segregating duties across both business and IT and ensuring the required type of user among two groups.
Management group (3) - allows create, read and update of master records (party, item and financial)
Transaction group (2) - allows create, read and update of transactional application event records in the business critical applications for any business.
Create, Update and Read or archive (replaces delete)
5 capability model users
Classification and Identification of information that must be secure, managed with auditing, segregation of duties AND zero data loss or must be document controlled according to the retention schedule retained and made available upon demand.
Management Group
Customer Party
Supplier Party
Guest User
Workers user
Workers
Offer Management
Hardware Software and Service
Financial Account Management
(cc) photo by theaucitron on Flickr
ERP systems manage your expenses and your revenue transactions
1. Expense Transaction Capability
2. Revenue Transaction Capability
Expense Transaction
Revenue Transaction
(2) Transaction Capabilities
zero data loss and ability to keep lights on with customers and suppliers
1. Financial Account Management Capability
2. Offer Management Capability
3. Party Management Capability

Strengths - You are armed with Knowledge
Outcomes from a management activity must be recorded and made available on demand, with consistent re-affirmation that the burden of proof has been met for any reported revenue. Performance reporting to SEC and/or investors.

Weaknesses-You have the wisdom to identify the symptoms
When the process breaks or fails your inventory waste has been introduced, your over processing waste results, your overproduction waste has been introduced forced by another process (most often IT), your re-key waste has been introduced.
You have data quality and governance issues and silos of information causing your reports to be different. You are likely to need IT to acquire the reports after some magic trick on the backend.
Your resources insist that a transaction decision is made every day on the address or relationships like users relationships with an organization.

Opportunities - The obligation and solution may be as simple as applying your corporate policies
The person whom your customer authorizes to purchase goods or services from your company never has the same authority to influence the company's master records on file with any supplier (your customer's perception of your company, as a supplier).
Most examples to counter this role are unlikely to be a true customer; instead they are in the role of a consumer, which is your resale partner's liability.

Threats-Think of Enron, Worldcom, MCI and how those companies were not immune.
Any dispute from a customer regarding payment may be against your organization if you fail to honor the standard terms made between two organizations operating in good faith.
Customers can complain through a number of venues. Watchdog groups, ISO complaints or letters directly to your board or CEO.

Create, Read and Update Stewards

An Analogy
Would your bank have the right to add anyone to your checking account without the request coming from you directly?
Would a credit card company have the right to add a card to your account based on my request?
No, the terms you signed when you opened the account protect you in either scenario!
If it was your money and your reputation...
scaling the scope to a precise set of tools
Information Security Design Capability Components
Corporate liability scope
Strengths, Weakness, Opportunities and Threats

An analogy
If the employees at your bank or credit card company
What if these employees simply scheduled a meeting with a team of really influential employees?
No-the employees are agents of the company and they must know the terms.
The team approach was used.
What if the enterprise architects made the new design a standard?
Does EA need to know these business policies?
It's just this simple.

Strategy
We are not talking about the dynamic parts of the organization.
We are talking about the static parts of the Enterprise and the systems which are complex and dependent on each other.
What we are focused on are not our own decisions.
These impact suppliers and customers and our company's legal obligations. These are the parts of the business which are interdependent.

Observation
Rows 4 and 5 Zachman Tool
Row 3 with 1 and 2 Zachman tool
1. Configuration Management
2. Change Management
3. Issue Management
4. Problem Management
5. Information Management

5 capability model incorporates the audit requirements by types (2)
Incorporates (2) user groups for master with segregation of duties by design
Includes IT and Business for 404 assurances
Business Criticality 1
Zero data loss
Service Management
IT and Business
Public Sector
Private Sector
Personal Identifiable Information

Far too much evidence exists to suggest that private sector business practices may have gone beyond their authority and collected far more information or purchased and exchanged with others without an authorization from any private citizen.

The culture factor in corporate sector indicates
a low percentage of consistency around PII

The culture and lack of career incentives or ability to agree on definitions of objects that have existing legal,
financial and brand protection risk, indicates a low probability of success in this sector.
80% may improve although none are likely to be holistic
20% may not prioritize or even come to the table