Cybersecurity is slowly but surely becoming a TOP priority – both in the private and public sectors. Despite this, it is often not easy for the IT manager to justify budget spending on preventive and protective measures. Management tends to believe that a firewall/antivirus = 100% security throughout the organization. Why are these procedures not enough and how should the IT department initiate a change in cybersecurity?
Open top management eyes
Are you, as the IT manager, being pushed by the middle and top managers of the organization to low-budget solutions that don’t cover the full range of risks? Ask your management the following questions. Try to find common answers and quite possibly open the eyes of your superiors, and the doors to the required budget.
- Do your staff know how to recognize a security incident and how to deal with it?
- Does IT have processes in place on how to proceed in the event of an attack?
- Where are your most vulnerable places and what happens if they are attacked?
Ask these questions again and think about whether an antivirus or firewall will solve these situations...
Start bringing cybersecurity into your business with ITSM
Knowledge is the best defence – knowing what is happening in the organization and its infrastructure, what assets you have in it, who is responsible for them, what happened to them or where employees have access.
The answers to (not only) these questions are offered by ITSM – IT Service Management, as supported by Service Desk and Asset Management tools.
ITSM is an often-overlooked method to start strengthening security – even though the potential of ITSM for cybersecurity is immense.
Service Desk as the basis of digital transformation and the first step towards cybersecurity
Service Desk is the first step towards digitization. It serves as a tool for effective management – when there is a problem, staff do not end up frantically calling the IT department, knocking on the door about when it will be fixed, overload the department with emails, etc. It just creates a request, that reaches the solver. The whole tool works on the basis of so-called Service Desk tickets (requests) – and users can see when the request will be ready and who will take care of it.
How to set up effective processes to avert a crisis
Service Desk clearly sets up the right processes so that you can respond quickly, efficiently and catch a crisis situation as early as possible in any security incident. Employees know who to contact, the incident gets to the solver immediately and thanks to prioritization, the solver does not wait for anything and begins to solve the situation immediately.
Change management to support implementing change
In addition to setting up processes, Service Desk will also take care of the so-called change
management – the management of changes and, above all, the risks that come with them. You have to plan every change perfectly. You should know its impacts. Be aware of the risks and gather the right tools and teams. That’s just what change management takes care of.
Each action is traceable – audit trails
Service Desk simplifies the on/offboarding of employees – with each arrival there are demands made on the IT department, like making available access pass cards, a computer, telephone, etc. And just knowing who received what when and why is crucial when it comes to internal security.
The same is true in the virtual world. Every need to access to the intranet and sensitive data goes through a request in Service Desk to the IT department, which must approve that access.
You can always trace back the what, who and when of any event in areas related to security.
Reports in Service Desk
Regular reports can reveal where the weak spots are and where to focus effort. Thanks to Service Desk, you know exactly what the most common failures/problems are being raised with the IT department.
Do you have an overview of all hardware and software in the company? With Asset Management, you know exactly what assets the company has, who is responsible for it and where it is located. All the information available in just a few clicks – no searching, losing or confusion.
But Asset Management provides far more than just hardware/software records. The software helps you prepare risk analysis, supplier quality management and much more.
Evidence of assets and interlinkages between assets
Corporate infrastructure rests on assets (CRM, mail client, even the ordinary PC). Some are more important – like network switches, others less so – like end-user devices. More important assets are tied to dozens or hundreds of less substantial ones.
Thanks to the complete asset register and, above all, thanks to the interdependency records, you know what will be affected in the event of a problem and what impacts the problem will cause. In addition, in the event of a problem, the complete asset records in Asset Management will tell you whether you have a replacement for a malfunctioning/infected device in your organization, what condition it is in, and where exactly it is located (e.g. its warehouse number).
Effective risk analysis
What would it cost you to lose your biggest client? How will you cope with an increase in the price of production materials? Do you have weak points in your infrastructure that are literally waiting for an outage or a cyberattack? Asset Management will take care of the underlying data for risk analysis (not only) regarding cyber security. Thanks to the analysis, you’ll know what threats can occur, how to prevent them, and what consequences they can lead to.
Clear supplier management
Do your suppliers have the certifications you require? We are talking about ISO 27001 – the internationally recognized standard that defines the requirements for security and its management. In Asset Management, you can record whether suppliers meet your specified criteria (e.g. certification) and use the info to identify potential risks.
Access control down to the level of assets and their properties
Marketing does not need access to the server room. Developers don’t need access to web analytics, and HR doesn’t need workshop access cards. Each employee has the access rights needed for their work – Asset Management helps to fine-tune internal security.
How to use the Service Desk & Asset Management connection within security
Institutions may have one of the two software packages implemented, thinking they no longer need the other, but the combination of both will significantly strengthen security.
Example: in Service Desk you schedule regular audits, risk checks, and in Asset Management you process records of assets and links between them.
Another case in point: Service Desk records show a user regularly reports a problem with their PC. The evidence in the Asset gives the solver a complete picture of the situation –showing the specific configuration dependencies. In the software, they immediately see its position, attributes and interlinkages schema. The solver does not have to search for anything. If the asset detects that it is not a hardware-related problem (lifespan, problem piece...), it immediately begins to address the potential threat.
ITSM is not a panacea
ITSM does not prevent attacks from occurring. As a result, ITSM is not even a security tool – it does not provide security on its own. So what is its significance? ITSM is a springboard for cybersecurity, on which you can build comprehensive defences against targeted attacks.