Information Security Service Management (ISSM)

[Posted on behalf of Dennis Leber, Cybersecurity Executive | CISO | Board Member | Educator | Speaker | Author]
It's time for IS Service Management
IT Service Management (ITSM) is nothing new to the Information Technology realm. I propose now is the time to apply Customer Service (Service Management) to Information Security programs.

According to a study by CIOinsights.com, ITSM improves the internal users' experience, governance, and operations. Businesses that implement an ITSM program benefit in areas that are also pertinent to an Information Security program.

Benefits of adopting my proposed ISSM include: one central location for reporting and requesting security services; tracking of security incidents, requests, and services; and, the key factor of my proposal, moving the security department from its historical role as a business inhibitor to a business enabler.

Benefits

Just as the IT Service Desk captures data that quantifies business decisions, collection of Security data provides that same opportunity. Tracking trends, incidents, and requests builds the information required to provide actionable strategy decisions, staffing, priorities, and budget forecasting.

Providing a single point of contact to request and report security requirements simplifies the process for end users. A simple, automatic, and easy process increases the chance that your staff uses the solution and your security program. Most ITSM applications (ticketing systems) are already suitable for building ISSM into them.

Security often appears to inhibit business and provide no revenue, and is seen as the "NO" department. The key concept of my ISSM is to instill in the Security staff strong customer service skills and the customer service mentality. The security staff learns to change their thought process to enable the business and to assist the business in meeting its goals, while guiding it in reducing risks and reaching desired outcomes in the safest way possible.

Key Success Factors

The top factors of success of ISSM have little to do with Security or technology. Understanding the goals of your business, what success looks like for the business units, strong customer service skills, an enabling attitude, mentoring, coaching, training, and communication skills are at the core of the ISSM.

Finally, a team that embraces the ISSM concepts, supports the ISSM program, and constantly looks for improvements serves as the deciding factor of success. Without a strong Army behind the General, one cannot win the war.

Think back to a time you received excellent customer service: you felt comfortable, and you understood what was happening, why it happened, and how you were going to get to your desired outcome. With Information Security, this does not have to be any different.

Real-World Examples

If you have ever worked with me, or for me, you know I love to brag about my team at every opportunity. With this article, I get to do this again. My real-world examples come from my current IS team and the ISSM approach to our program.

Our team has increased our Security Assessment efforts, and our Architects implemented processes that are new to the business. Through their efforts in applying our ISSM concepts, these changes are embraced and welcomed, and have gained greater collaboration than ever before.

The governance, compliance, and audit efforts of our program are also under the maturity process. Through our ISSM efforts, communicating our many initiatives and process improvements to the audit/compliance and audit program has been met with success and compliments.

Our ISSM concept also increased the collaboration between developers, technical architects, and entities that, in the past, hardly talked, if at all. The overall feedback from everyone points to happy, comfortable business partners, which further results in an improved Security posture for the business.
