КАТЕГОРИИ:
Архитектура-(3434)Астрономия-(809)Биология-(7483)Биотехнологии-(1457)Военное дело-(14632)Высокие технологии-(1363)География-(913)Геология-(1438)Государство-(451)Демография-(1065)Дом-(47672)Журналистика и СМИ-(912)Изобретательство-(14524)Иностранные языки-(4268)Информатика-(17799)Искусство-(1338)История-(13644)Компьютеры-(11121)Косметика-(55)Кулинария-(373)Культура-(8427)Лингвистика-(374)Литература-(1642)Маркетинг-(23702)Математика-(16968)Машиностроение-(1700)Медицина-(12668)Менеджмент-(24684)Механика-(15423)Науковедение-(506)Образование-(11852)Охрана труда-(3308)Педагогика-(5571)Полиграфия-(1312)Политика-(7869)Право-(5454)Приборостроение-(1369)Программирование-(2801)Производство-(97182)Промышленность-(8706)Психология-(18388)Религия-(3217)Связь-(10668)Сельское хозяйство-(299)Социология-(6455)Спорт-(42831)Строительство-(4793)Торговля-(5050)Транспорт-(2929)Туризм-(1568)Физика-(3942)Философия-(17015)Финансы-(26596)Химия-(22929)Экология-(12095)Экономика-(9961)Электроника-(8441)Электротехника-(4623)Энергетика-(12629)Юриспруденция-(1492)Ядерная техника-(1748)
Automation of manual tasks
|
|
|
|
Improvement of operational activities
Documented policies and procedures
Training and awareness
Screening and vetting
Operational security control
For operational reasons, technical staff will often need to have privileged access to key technical areas (e.g. root system passwords, physical access to Data Centres or communications rooms etc). It is therefore essential that adequate controls and audit trails are kept of all such privileged activities so as to deter and detect any security event s.
Physical controls need to be in place for all secure areas with logging in-out of all staff. Where third party staff or visitors need access, it may be Service Operation staff that are responsible for escorting and managing the movement of such personnel.
In the case of privileged systems access, this needs to be restricted to only those people whose need to access the system has been verified – and withdrawn immediately when that need no longer exists. An audit trail must be maintained of who has had access and when, and of all activities performed using those access levels.
All Service Operation staff should be screened and vetted to a security level appropriate to the organization in question.
Supplier s and third-party contractors should also be screened and vetted – both the organizations and the specific personnel involved. Many organizations have started using police or government agency background checks, especially where contractors will be working with classified systems. Where necessary, appropriate non-disclosure and confidentiality agreement s must be agreed.
All Service Operation staff should be given regular and ongoing training and awareness of the organization’s security policy and procedure s. This should include details of disciplinary measures in place. In addition, any security requirement s should be specified in the employee’s contract of employment.
Service Operation documented procedures must include all relevant information relating to security issues – extracted from the organization’s overall security policy document s. Consideration should be given to the use of handbooks to assist in getting the security messages out to all relevant staff.
All Service Operation staff should be constantly looking for areas in which process improvements can be made to give higher IT service quality and/or performed in a more cost-effective way. This might include some of the following activities.
Any tasks which have to be carried out manually, particularly those that have to be regularly repeated, are likely to be more time consuming, costly and error prone than those that can be systemized and automated. All tasks should be examined for potential automation to reduce effort and cost s and to minimize potential errors.
A judgement must be made on the cost s of the automation and the likely benefits that will occur.
|
|
|
|
|
Дата добавления: 2014-12-23; Просмотров: 441; Нарушение авторских прав?; Мы поможем в написании вашей работы!