- "Do I Know This Already?" Quiz
- Business Processes Impacting Security Operations
- Technical Implications
- Documentation
- Version Control
- Review Key Topics
- Define Key Terms
- Review Questions
Business Processes Impacting Security Operations
Security operations in any organization are often heavily influenced by various business processes. A business process is a set of coordinated tasks and procedures that an organization uses to accomplish a specific organizational goal or to deliver a particular product or service. Each process—be it approval mechanisms, ownership protocols, stakeholder interactions, impact analysis, or test results evaluation—has the potential to shape the organization’s security posture. For instance, an ineffective approval process could lead to poorly vetted changes being implemented and new system vulnerabilities inadvertently being introduced. It’s important to note that the effectiveness of business processes is often gauged using performance baselines. A performance baseline serves as a standard measure to assess the impact of any changes on security, ensuring alignment with organizational security objectives.
A robust ownership protocol, on the other hand, ensures that each asset, such as a data set or an application, has an assigned custodian and that its security requirements are regularly reviewed and addressed. Understanding how these business processes interact with security operations is crucial for maintaining a strong security stance and safeguarding an organization’s assets.
Approval Process
The approval process is a crucial business procedure that dictates how changes impacting security are approved and who holds the authority to make such decisions. It typically follows step-by-step verification to ensure that all necessary precautions are considered and that the planned change will not introduce new vulnerabilities.
Ownership
In the context of security, ownership refers to the individual or team that is responsible for specific assets, such as databases or applications, and that is accountable for their security. Owners are typically responsible for defining an asset’s security requirements, managing its risk profile, and addressing any vulnerabilities in the system. A crucial component of recognizing ownership is establishing accountability. Ownership ensures that each asset is consistently maintained, protected, and updated according to the security requirements of a specific system.
Stakeholders
Stakeholders are individuals or groups with a vested interest in an organization’s security posture who can directly affect security procedures and policies. Stakeholders may include system users, IT staff, management, customers, investors, or any entity that would be affected by a security breach or whose actions could impact the security posture of an organization. Involving stakeholders in security decision-making processes can lead to more comprehensive security solutions, as diverse perspectives help in identifying potential threats and vulnerabilities. Remember that stakeholders can be internal (within a specific business department or elsewhere in the organization) or external to the business.
Impact Analysis
Impact analysis is a process that involves assessing the potential effects of changes on the organization’s security landscape. You may encounter impact analysis in the form of a business impact analysis (BIA), which we will explore in depth in Chapter 24, “Understanding Elements of the Risk Management Process.” An impact analysis also helps in proactively identifying possible security risks or issues affecting a system. Security analysts should conduct an impact analysis to better understand how to effectively allocate resources such as staff, budget, and tools.
Test Results
A test result is an outcome of a specific test, such as a penetration test, vulnerability assessment, or simulated attack. The test results of newly implemented security measures play a crucial role in determining the effectiveness of those measures and any adjustments needed.
Test results offer insights into the strengths and weaknesses of a system’s security, informing decisions about necessary improvements or adjustments. Essentially, they serve as a report card for the organization’s cybersecurity measures. It’s crucial to note what type of test result you are reviewing and how the results were generated. A test result from a vulnerability scanner will show detailed technical insights specific to each system and will generally lack bias. A human-generated test result, such as a result in a cybersecurity risk assessment, might have subjective content and require additional context to be understood.
Backout Plan
Every change in an IT system or process needs a backout plan—a meticulously outlined procedure designed to revert any changes that negatively impact security or business operations. A backout plan is more than just a rollback strategy; it is a critical component of an IT service management framework. It adheres to a predefined action list and should be created before any software or system upgrade, installation, integration, or transformation occurs. The plan typically includes detailed steps and techniques for uninstalling a new system and reversing process changes to return to the pre-change working state. The objective is to ensure that automated system and business operations continue smoothly, especially if post-implementation testing reveals that the new system fails to meet expectations. As a best practice, avoid making changes during peak business hours and always have a comprehensive backout plan.
Maintenance Window
A maintenance window is a designated time frame for performing system updates or changes that is strategically chosen to minimize disruptions. We used to say, “Maintenance on a Friday is guaranteed work on a Saturday.” Choose your maintenance windows carefully to balance impacts on the business and plan for any unexpected operational impacts that result from your maintenance.
You might find that in a software as a service (SaaS) company, you need to do maintenance on the company’s virtual private network (VPN). Engineers may use the VPN for secure remote access and use it frequently throughout the day to connect to development systems, but the usage levels may drop drastically after 6:00 p.m. You would therefore want to plan your maintenance window from 7:00 p.m. to minimize outages to any critical work happening at the company.
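To make the VPN scenario concrete, here is an added example (not from the book) that counts new VPN connections per hour of day from a constructed session log and picks the quietest evening window; the log format, user names, and the 17:00 to 24:00 candidate range are assumptions made for the illustration.

```python
"""Pick a VPN maintenance window from session-log activity by hour of day."""
from collections import Counter
from datetime import datetime

# Constructed sample log (not from any real system): one line per VPN event.
VPN_LOG = """\
2024-05-14T08:02:11 user=alice event=connect
2024-05-14T08:15:40 user=bob event=connect
2024-05-14T09:30:05 user=carol event=connect
2024-05-14T12:45:59 user=dave event=connect
2024-05-14T14:10:22 user=erin event=connect
2024-05-14T17:20:08 user=frank event=connect
2024-05-14T18:05:31 user=grace event=connect
2024-05-14T18:49:12 user=bob event=disconnect
2024-05-14T22:58:47 user=heidi event=connect
"""


def connects_per_hour(log_text: str) -> Counter:
    """Count new VPN connections per hour of day; disconnects and junk lines are skipped."""
    counts = Counter({hour: 0 for hour in range(24)})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[2] != "event=connect":
            continue
        counts[datetime.fromisoformat(fields[0]).hour] += 1
    return counts


def quietest_window(counts: Counter, length: int, earliest: int, latest: int) -> tuple[int, int]:
    """Return (start_hour, connects) for the `length`-hour window with the fewest new
    connections among start hours earliest..latest-length; ties go to the earlier start."""
    best = None
    for start in range(earliest, latest - length + 1):
        total = sum(counts[(start + offset) % 24] for offset in range(length))  # wraps past midnight
        if best is None or total < best[1]:
            best = (start, total)
    return best


if __name__ == "__main__":
    hourly = connects_per_hour(VPN_LOG)
    # Candidate windows: evenings only (17:00-24:00), when on-call staff are reachable.
    start, connects = quietest_window(hourly, length=3, earliest=17, latest=24)
    print(f"Recommended window: {start:02d}:00-{start + 3:02d}:00 "
          f"({connects} new connections observed in that range)")
```

In practice you would feed several weeks of logs rather than a single day, so that one-off late sessions do not skew the choice.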
Standard Operating Procedure
A standard operating procedure (SOP) is a step-by-step instruction set to help workers carry out complex routine operations. SOPs are crucial for maintaining consistency, enhancing security, and ensuring that all team members follow best practices in daily operations. SOPs should be vetted all the way through the senior leadership team to ensure executive support for planned activities.