Satya's blog

Sunday, August 25, 2013

Security Awareness Tip of The Day

http://www.sans.org/tip_of_the_day.php

Passwords: Be creative

If you can't remember hard passwords no matter how hard you try, put your password in parentheses. baseball38 is a weak password. (baseball38) is much better.

When you change your password, you should always change at least half of it and when you do, change the parentheses as well. Change the parentheses to asterisks, exclamation points or dollar signs. *sallyandbob39* is better than sallyandbob39, and !jimandbetty93! is better than jimandbetty93.

August 19, 2013

Change your password on a schedule.

Passwords are like bubble gum; they are better when fresh. The longer and more complex your password is, the harder it is to crack, and the less often you'll need to change it. If you use an 8-character password, you should change it about every six months. Remember: Never use a password with fewer than 8 characters. If you use a 9-character password and follow the rules about uppercase and lowercase letters, numbers, and symbols, it will stay fresh for a whole year. If you can't remember the last time you changed your password, it's time to change it.

CIRT - Computer Incident Response Team

What is a Computer Incident Response Team (CIRT)?
A CIRT is a carefully selected and well-trained group of people whose purpose is to promptly and correctly handle an incident so that it can be quickly contained, investigated, and recovered from. It is usually composed of members from within the company. They must be people who can drop what they're doing (or redelegate their duties) and have the authority to make decisions and take actions.

Further URLs:
http://www.sans.org/reading-room/whitepapers/incident/computer-incident-response-team-641
http://blink.ucsd.edu/technology/security/CIRT/index.html


Sunday, August 11, 2013

Why Incident Management?

Why should I implement Incident Management?

Benefits of implementing Incident Management processes include:
  • Maintaining service levels
  • Meeting service availability requirements
  • Increasing staff efficiency and productivity
  • Improving user satisfaction

What is it?

Incident Management (IM) is one of the components in the ITIL Service Support area. The primary focus of IM is to restore services following an incident as quickly as possible. IM is primarily a reactive process; its processes provide guidance on diagnostic and escalation procedures required to quickly restore services.
Incident Management activities include:
  • Detecting and recording incident details
  • Matching incidents against known problems
  • Resolving incidents as quickly as possible
  • Prioritizing incidents in terms of impact and urgency
  • Escalating incidents to other teams as appropriate to ensure timely resolution
http://www.teamquest.com/solutions/itil/service-support/incident-management/


Service Management Plan (SMP)

What is a Service Management Plan?

The Service Management Plan (SMP) is a document that contains all the necessary details to run a service. Here's a breakdown of what to include.
Newton's third law of motion states that for every action, there is an equal and opposite reaction. Modern IT gurus state that for every successful action completion, there is a well thought-out plan.
Be it projects or services, a plan is worth half the battle won.

The SMP covers the service side; a project management plan is developed on the other end, where projects are executed.
IT service management borrows heavily from the Deming cycle, which is based on four iterative actions -- plan, do, check, and act. The gist of the cycle is that you plan first, implement whatever you have planned, check if the action completed takes you where you want to be, and take necessary actions to bridge the shortcomings.

http://www.techrepublic.com/blog/tech-decision-maker/whats-in-a-service-management-plan/

Typical content of a Service Management Plan

Basically, whatever is necessary to run and maintain a service needs to be documented in an SMP. The contents of an SMP will be at the organization's discretion. Here are some of the common items that go into an SMP:

1. Scope -- The scope of a service draws a boundary where the service can step into and where it cannot. Mature organizations not only have a section for scope but also out of scope. This ensures that there is no "reading between the lines."
2. Brief description -- A couple of sentences on the service offered helps in setting the context. Maybe a server team is providing DNS service alone to a particular customer.
3. Support window -- Include something on the lines of 24 X 7 or 16 X 5, specifying the times, time zones, and days of the week when support is provided.
4. List of activities -- It's very important to list each and every activity that comes in as a part of the service. Leave no ambiguity on this one.
5. Effort and resources -- The total effort required to keep the services up and running and the resources in terms of servers, licenses, etc. should be spelled out. You should express the effort required in FTEs (full-time effort, meaning people working full time). Budgets can also be a part of an SMP.
6. Organization chart and escalation matrix -- List the team structure and hierarchy.
7. Dependencies -- Other services that support this service, suppliers, and the architecture should be diagrammed to indicate relationships. Example: For a SAP service, there will be a dependency on the server team to keep up the infrastructure and the operating system.
8. RACI matrix -- Any service will have various roles, such as analysts, coordinators, team leads, managers, supporting team's personnel, and so on. You must map the activities listed to roles, indicating the accountabilities and responsibilities.
9. Processes and templates -- A link to the process documents and templates is preferable to keying the process as a part of this document.
10. SLAs and KPIs -- A link should be made to the Service Level Agreement (SLA) and similar agreements like the Operation Level Agreements (OLA).
11. Compliances -- List the certifications and standards that the service must adhere to, like ISO 20K, ISO 27K1, PCI DSS among others -- and the actions that are planned/undertaken to satisfy the controls.
12. Tools used -- Tools that are leveraged to run the service, like the service management suite, CMDB, monitoring tools such as Microsoft Operations Manager (MOM) and ANgate should be included.
13. Governances -- Many people hate reports and look at them as major time hoggers. But managers swear by them. You should record reports, meetings, and other governance aspects in the SMP.
14. Communication plan -- A service management team generally communicates directly with the customer or through the service level manager. There will be several levels of communications -- manager level, with suppliers and others. You should list them all and place templates for each one of them for consistency.
15. Risks -- A major exercise in any planning operation is identifying the risks and drawing up mitigation plans if the risk materializes.
16. Pipeline -- This document should include, along with tentative dates, upgrades and activities that are planned, such as a memory upgrade depending on the expected new demand from the customer or an ISO 20K surveillance audit that's due next quarter. Even though I'm stating this as the last item in the list, it's very important.
This list is by no means comprehensive and must strictly be treated as a guide to drafting an SMP.

Signatories and sign-offs

The SMP is not an agreement, so no approval or sign-off is necessary from the customer. The SMP is a planning document drafted and maintained by the service organization to ensure that the contracts and SLAs are in the desired range.
Organizations generally get approval from internal higher management before the ball gets rolling. And, it is a good practice to share certain portions of the SMP with the customer to gain confidence and possibly get new business by showcasing meticulous planning exercises.
