Understanding dependencies

Being able to provide the architecture for a cyber intelligence capability for an enterprise means that you have to understand the dependencies of each major process from end to end.

For example, let's look at some of the major processes for vulnerability management:

  • Enterprise asset management: This is the process that manages all of the assets that exist in the enterprise
  • Vulnerability management tool asset management: This is the process that ensures that all of the enterprise systems are correctly loaded into the scanning tool
  • Scanning process: This is the process that finds vulnerabilities within systems that are in the tool asset management database
  • Analysis and distribution: This is the process that processes scanning results, sorts out what needs to go to who, and delivers the information
  • Remediation: This is the process that fixes identified vulnerabilities:
    • Local change management process: This is the change management process that is developed and maintained by the resident business units or local office
    • Regional change management process: Local change management processes route to the regional process that ensures that these procedures are monitored and in line with organizational standards
    • Vendor supported change management process: Integrated support from vendors into the organizational change management processes
  • Risk: The process that evaluates the probability and impact of vulnerabilities that exist within an enterprise

A graphical representation can be seen here:

There are dependencies for each step and we need to understand these to answer a few questions:

  • How can we create good interaction between all dependent process owners? 
  • Who are the main stakeholders within each of these processes?
  • How do we evaluate the interaction between the teams?
  • How do we evaluate the risk of each part of the process?

By answering these questions, we can at least gain an understanding of who the key players are in the process, begin creating the means of communicating, and start a RASCI matrix to begin assigning and attributing specific tasks to teams.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.223.196.211