On security for IT services


Security by Loopzilla at flickr - some rights reserved [from: http://www.flickr.com/photos/loopzilla/2073400408/]

How should one go about regarding security for IT services?

One way is to take the service lifecycle approach from ITIL and concentrate on the Service Design phase, where investing early gives the best chance of reaching that honourable goal: the minimum of (avoidable) surprises and rework once the service goes live. In other words, reduce operational costs and security incidents by designing the service right, because a control added in Design is far cheaper than the same control retrofitted in Operation after an incident.

Some ideas (in no particular order):

  1. Ensure that external partners and suppliers contributing to the service know and formally agree to their security responsibilities (Underpinning Contracts), including how quickly they must respond to a security issue
  2. Also get internal groups and teams to formally agree on their responsibilities (Operational Level Agreements), so that nobody assumes "someone else" patches, monitors or restores the service
  3. Every change to the service must include a security impact assessment as part of the change record, so that the Change Advisory Board sees it before approval
  4. Have a procedure for receiving and acting on security vulnerabilities reported by the vendors of the components that support the service: who receives the advisory, who rates the risk, and how fast a fix must be applied
  5. Include an explicit security section covering security requirements in the initial analysis phase for new or changed services
  6. Link the security requirements to service level targets so that the SLA covers them and they can be measured, not just stated
  7. Check those requirements with the customer when feasible (or at least with yourself, if you are a good candidate for using the service)
  8. Make sure security tests are covered in the test plan, with pass/fail criteria agreed in advance
  9. Then, while transitioning the service, actually perform the security tests and keep the results as evidence
  10. Have experts try to break your service, both from outside and from inside
  11. Use the tools: there are technical tools and documented best practices you can apply, which avoids reinventing the wheel or forgetting important checks
  12. If a security incident happens, is it clear to everybody who must be involved and what to do?

Yes, some of these activities happen in the Service Transition and Service Operation phases, even though they are planned in Design.

Love to hear about more ideas!
