Presentation Slides

advertisement
The way to gain a good reputation, is to
endeavor to be what you desire to appear.
Socrates
Balancing Customer Service and IT Security ITIL Based Solutions for a Service Desk Conundrum
A satisfied customer is the best business strategy of all.
Michael LeBoeuf
As an employee, what do you want
C&C to be?
The user's going to pick dancing pigs over security every
time.
Bruce Schneier
Topics for Discussion
• ITIL – Best practices for improving IT Service Management
Client hopes/requests for the future
• The Service Desk as a function of ITIL
• Information Security Management - Why does ITIL make a difference?
• The Service Desk – helping balance the dichotomy
• Challenges going forward
• Discussion
ITIL – A Best Practice Framework
ITIL – Information Technology Infrastructure Library
• a collection of best practices for the management of IT Services
Technology leadership – MUN’s
future
• improving customer outcomes through the effective delivery of services
• seeks to align people, processes and technology such that IT services
become business activities that provide value to customers
• in and of itself ITIL exists only as a best practice framework. It will give
you the “what” but not the “how”. Implementations are usually custom and
organization specific
• benefits include better services for clients, cost savings for the
organization, a better understanding and positioning of the role of IT in the
business or organization
ITIL Processes
•
•
•
•
•
•
•
•
•
•
•
Configuration Management
Incident Management
Problem Management
Change Management
Release Management
Service Level Management
Availability Management
Capacity Management
Financial Management for IT Services
IT Service Continuity Management
Security Management
The Service Desk – a single point of contact for incidents and
Service Requests. Primarily, it serves as a function of Incident
Management whereby it helps restore normal service to clients as
soon as possible.
IT Security Management
• Traditional ITSM thinking is far too limiting
• The oft referenced CIA – Confidentiality, Integrity, Availability – is really
just a starting point
• Security is not just a process, but one of the most contentious
intersections of people and culture with technology.
• So where does ITIL fit in?
• Best practices in IT Service Management point the way to defining,
implementing, monitoring and assuring repeatable IT management
objectives and processes.
• It’s often said that we can manage what we can measure. In the case of
IT Security we can make secure what is defined, recognized and
understood. That of course, applies to people, technology and
processes within our organizations.
The ITIL Service Desk
One primary goal of IT Security Management within ITIL is to align
security with people, processes and technology for the betterment of our
clients and our organization. Seems simple enough, but how do we go
about doing it?
The Service Desk should be a vital partner in IT Security.
• a single point of contact for your customers that has its hands on the
pulse of the organization.
• broad understanding of everything that goes on around you. Why?
Because they are answering questions about your infrastructure every
day.
A Collaborative Effort
Communication is the key – Making security a priority
The Service Desk should understand the critical nature of security related
incidents and perhaps more than any other incidents, detailed processes should
be defined so that procedures are followed correctly.
Service Desk staff should be encouraged to bring forward security related
concerns especially if they find themselves hard pressed to explain security
related policies to your clients.
If security related decisions within your infrastructure were based on policy
make sure that your Service Desk staff are aware of the policies in question.
ITIL, if implemented correctly, is oddly self aware or perhaps more precisely,
introspective. Service Desk reporting of security incidents should happen
regularly and should be reviewed for timeliness of response and resolution.
Better still, the root causes should be analyzed and understood.
Raising Client Awareness
If the Service desk is the single point of contact for your customers then it can
also play a crucial role in making clients aware of security concerns within your
organization.
Here comes the sales pitch!
Not totally unlike a commercial entity that uses its Service Desk to push products
and services, your Service Desk can be used to pitch ideas and to make clients
aware of the how’s and why’s of security.
If client awareness of your Security Changes stops at the table of the Change
Advisory Board then you have failed. And you have failed even if everything
related to the 1’s and 0’s was successful.
A client who is consulted and informed is far more likely to be understanding of
security policy and security related changes than the one who discovers that the
new gadget he or she just bought is ….. not supported?
Challenges Going Forward
• ITIL – a lot of work and a slow process.
• Look beyond yourselves to see if you’re getting it right.
• The pace of IT will outpace you – just get used to it.
• ITIL – not just a roadmap, it’s the road
The way to gain a good reputation, is to
endeavor to be what you desire to appear.
Socrates
Download