Case Study
This week you'll be finalizing the testing of your process model. Prepare a draft action plan for Harry & Mae Case Study.
You'll need to take your threat analysis and identify controls to put in place to address those threats and vulnerabilities. Make sure each of the highest risk items you identified have a suitable action plan associated with it.
Additionally, you need to ensure any impact of those controls is identified. For instance, does putting in a more advanced firewall impact any other element of the system? Does strengthening the password policy impact the information security awareness program? Your audience is executives at Harry & Mae's Inc.
Service Interruption Reporting:
1. Whenever there is a service interruption it can be reported by the end user/ customer or employees. It can also be reported by phone call or email.
a. If reported by phone:
i. Record all the important details of failure. The user details, failure details e.g.: date, time, error, service details, affected sites, impact of the interruption.
ii. Verify all the information provided by local IT team.
b. If reported by email:
i. Review all the information provided by user/customer or employees.
All the necessary information should be there in mail, if not, contact the sender again to get all the necessary information.
ii. Verify all the information provided by local IT team.
Determine the Impact of the Issue:
2. Determine the urgency, risk involved and impact of the issue on actual production.
a. Categories the issue as Low/Medium/High urgent problem.
Involve Third Party vendor/ service Provider:
3. Involve third party vendor/service provider responsible for the service.
a. Provide all the required details of service failure to third party Vendor / service provider.
b. If third party Vendor / service provider are already aware of the interruption; obtain information about their action plan to resolve the interruption.
c. Request third party Vendor / service provider to provide their trouble ticket number for the issue so it can be recorded in ITSM ticket and referenced in future correspondence with third party vendor / provider / end user.
ITSM Incident Management Process:
4. Open an ITSM incident ticket with all the information and create Master Station Log (MSL) entry ensuring the details obtained from the Vendor /service provider is entered into both documents for future reference. Also set the SLA as per the nature of impact, priority, risk and Enterprise's standard.
Request for workaround/ Back-up Plan from Service Provider:
5. Request for workaround/ Back-up Plan
a. Depending upon severity of the interruption and / or the length of time with which the organization can reasonably expect the interference to be resolved, arrange the appropriate hardware component and request the coordination with the third party Vendor / service provider's engineering department to obtain alternate solution to restore services to the adversely impacted sites. Also, ask for workaround if any.
Regular update of theIssue:
6. Take regular updates from the service provider on their action plan and Expected time to restore the service. Send these updates to the impacted user on regular intervals. Also, update the ITSM ticket with the recent working in work log.
Monitor the incident:
7. Monitoring the incident of service failure:
a. Keep monitoring the incident until resolved and also after resolution because the chances of it getting failed again are high once repaired within 24-72 hrs.
b. Update corresponding ITSM ticket with the details provided by the third party Vendor / service provider and the corroborating entities and then place in a 24-72 hour monitor.
Resolve the incident:
8. Resolve the incident of service failure:
a. Once an issue reaches the end of its monitoring period, obtain final UAT from the impacted customers prior to closing the associated ITSM ticket.
b. After the testing is done from the user side, close the ITSM ticket with all the resolution steps so that it can be referred in future for similar issues.
c. Also, request for a root cause analysis from the third party vendor/service provider so that the future incidents can be prevented if cause is known.