
ITSM: A Reactionary Approach to Hacking

11/16/2011 by: The SunView Team

Over at our on-line newspaper, The ITSM Lens Daily, a headline came across from the Sydney Morning Herald: "Cyber Attacks: Resistance is Futile". Of course, we read a lot of stories here and, directly related to those stories, a lot of headlines (we tend to write a few ourselves). However, this one seemed to strike a chord. As a society, have we finally reached the point where we will simply give up and let the Borg assimilate our planet?

Star Trek reference aside, the article lays out a line of reasoning that recommends switching from simply fortifying data against intrusion to a system focused on what should be done after you are inevitably attacked. Of course, a recommendation like this doesn't carry much weight, even from experts. That is, unless your expert is RSA Chief Security Officer Eddie Schwartz.

If RSA and Eddie Schwartz don't ring a bell, a quick Google search will reveal news about the RSA hack earlier this year. Eddie Schwartz was Chief Security Officer at NetWitness, the organization that identified the breach and was later purchased by RSA parent company EMC. While companies are in fear over exactly what vulnerabilities related to the SecurID hack still exist, he is speaking out to promote a shift in approach for any IT organization.

The problem, as Schwartz sees it, is that teams are more focused on preparation for prevention than on preparation for reaction. Moreover, if attacks are inevitable, plans should be made to minimize the impact an attack would have. Thus, changes should come in three main areas: risk assessment, security agility, and information access. This, for the most part, makes logical sense, and to a point stays ambiguously correct. Let's take this a step forward, though, and approach it from four essential IT Service Management processes. Listed below are reactionary approaches to using ITSM in squelching a successful hack.

Incident & Problem Management - The Service Desk

Phishing scams are an easy, and very popular, way to grab secure information from end users. If your users are trained to identify these, or even if they just happen to be observant, they will likely submit an incident. While a team might pass this by as a typical daily assault, make sure there are steps to escalate and research any phishing claims proactively. An increase in direct phishing attempts against your organization may mean a hack has taken place, or is currently in progress. Once the attack is identified, use your service desk as the central point of communication for assessing any ongoing attempts.

Change & Release Management - Change Management

Once a hack has occurred, changes will need to be made. The hack may even be the result of, or be easily identified by, a recent change. Assigning a team to review audit records is an essential step in determining how an intrusion occurred and what malicious activity has taken place. Of course, any changes going forward should be communicated clearly and concisely.

Service Asset and Configuration Management - CMDB (Configuration Management Database)

Quick access to information is one of Schwartz's main recommendations. Given that many hackers often take advantage of OS or application security holes, you need to be able to identify which systems may have been susceptible, and in turn need to be updated, or quarantined from the others. Taking this a step further, dependency mapping tools provided by the CMDB will show a correlation between affected systems, allowing specific and precise action to be taken.
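
The lookup described above, sketched as an added example (not SunView or ChangeGear code): it assumes a CMDB export in which each configuration item records its OS build and the items it depends on. The CI names, the "ExampleOS" builds and the bucket names are all constructed for illustration.

```python
from collections import deque

# Constructed sample CMDB export (hypothetical CI names and OS builds).
# "depends_on" lists the CIs each configuration item needs in order to work.
CMDB = {
    "web-01":   {"os": "ExampleOS 5.1", "depends_on": ["app-01"]},
    "web-02":   {"os": "ExampleOS 5.2", "depends_on": ["app-01"]},
    "app-01":   {"os": "ExampleOS 5.1", "depends_on": ["db-01", "auth-01"]},
    "db-01":    {"os": "ExampleOS 5.2", "depends_on": []},
    "auth-01":  {"os": "ExampleOS 5.1", "depends_on": []},
    "hr-01":    {"os": "ExampleOS 5.2", "depends_on": ["auth-01"]},
    "kiosk-01": {"os": "ExampleOS 5.2", "depends_on": []},
}

def susceptible(cmdb, vulnerable_os):
    """CIs running the OS build that has the known security hole."""
    return {name for name, ci in cmdb.items() if ci["os"] == vulnerable_os}

def relies_on(cmdb, seeds):
    """CIs outside seeds that depend, directly or transitively, on a seed."""
    dependants = {}  # inverted depends_on edges: CI -> CIs that need it
    for name, ci in cmdb.items():
        for dep in ci["depends_on"]:
            dependants.setdefault(dep, set()).add(name)
    seen, queue = set(seeds), deque(seeds)
    while queue:
        for parent in dependants.get(queue.popleft(), ()):
            if parent not in seen:
                seen.add(parent)
                queue.append(parent)
    return seen - set(seeds)

def used_by(cmdb, seeds):
    """Direct dependencies of seed CIs: systems a susceptible host talks to."""
    return {dep for s in seeds for dep in cmdb[s]["depends_on"]} - set(seeds)

def triage(cmdb, vulnerable_os):
    patch = susceptible(cmdb, vulnerable_os)
    up, down = relies_on(cmdb, patch), used_by(cmdb, patch)
    rest = set(cmdb) - patch - up - down
    return {"patch_or_quarantine": sorted(patch),
            "relies_on_susceptible": sorted(up),
            "used_by_susceptible": sorted(down),
            "no_link_found": sorted(rest)}

if __name__ == "__main__":
    for bucket, names in triage(CMDB, "ExampleOS 5.1").items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

The second bucket shows which services lose a dependency if the susceptible hosts are quarantined; the third shows systems those hosts already talk to, which are the first places to check for follow-on activity.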

Self Service & Request Fulfillment - Service Catalog

Many hacks result in stolen usernames and passwords. This is often because having a database of accounts is essential to diving deeper into your infrastructure. This means a mass password change is a common step once a hack has occurred. To avoid the cost of manually issuing new usernames and passwords, automate this step and offer it via the Service Catalog.
