Service Management Systems - What You Need to Know
Review from Part 1 – the SKMS. The whole point of an integrated service management system (SMS) is to strategically plan for, deliver and protect business value with investments in Information Technologies and services.
Security (Cybersecurity) is a key business value of all IT services provided to the enterprise that must be strategically accounted for throughout the IT investment value life cycle.
What is Service Management?
A holistic Service Management capability is achieved with a combination of:
An integrated Service Management System (SMS) - Part 2 is covered here in this post.
A supporting Service Knowledge Management System (SKMS) – Covered previously in Part 1.
Why have a Service Management System for Strategic and Proactive Cybersecurity?
Just like the SKMS (in Part 1), in the new age of Artificial Intelligence (AI), knowledge is wisdom.
If you don’t have an integrated SMS operating model built for purpose, you can’t hope to create, maintain, certify, audit, improve or leverage the complexity of the interrelated data and knowledge assets that your organization creates, and will need strategically and proactively, to plan for and deliver cybersecurity of the future. Without it, you will lack the data, information, and strategic knowledge assets required to make real-time strategic IT investment decisions related to cybersecurity to deliver real competitive advantage both in terms of market share and in operational margins that improve efficiencies and effectiveness.
Is your organization seeking to just survive AI and cyber threats, or to leverage them to become a disruptor or market leader despite them?
What is a Service Management System (SMS) Operating Model?
A Service Management System (SMS) is a structured, integrated, and systematic approach, or IT operating model, used by organizations to manage IT investment value lifecycle knowledge assets. It is critical to understand the IT SMS operating model components and practices that create, maintain, and deliver cybersecurity management policy, strategy, objectives, and desired outcomes, starting at IT service strategy and continuing through service planning, delivery, operation, and the continuous improvement of services provided to the enterprise, business lines, and their customers and / or clients.
It encompasses the policies, practices, procedures, and resources aimed at ensuring the effective and efficient delivery of (secure), cost-effective services that deliver enterprise strategies and outcomes while defending against, managing and / or mitigating cybersecurity event and business risks.
Cybersecurity interfaces with IT Service Management operation and delivery practices where security issues are involved. Such issues relate to the Confidentiality, Integrity, and Availability of data, as well as the security of hardware and software components, documentation, and procedures. Examples include the ability to assess the Impact of proposed Changes on security; to raise RFCs in response to security events and problems; to ensure the confidentiality and integrity of security data; and to maintain security when software is released into production.
The SMS IT Investment Value Lifecycle
1. Customer and Stakeholder Engagement: Engaging with customers and stakeholders is essential to understand their needs, gather feedback, and ensure that the services provided align with their expectations.
2. Service Strategy: Provides guidance on how to view service management in the context of Business Architecture / Enterprise Architecture (EA) in the alignment of IT to enterprise cybersecurity objectives, not only as an organizational capability but as a strategic asset. It describes the principles underpinning the practice of service management, which are useful for developing service management and cybersecurity policies, guidelines, and processes across the ITIL service value lifecycle, and it is informed by #1 above.
3. Service Planning and Design: This involves defining the scope and objectives of services and security, identifying customer needs and expectations, and designing the processes and resources needed to deliver those services effectively.
4. Service Delivery: This phase involves the actual implementation and operation of services according to the (cybersecurity) plans and designs. It includes managing resources, handling customer interactions, and ensuring that services are delivered as promised.
5. Service Monitoring and Control: Organizations need to continually monitor the performance (and security) of their services to ensure they meet agreed-upon levels of quality and availability. This includes tracking key performance indicators (KPIs), detecting and addressing issues, and making necessary adjustments.
6. Service Improvement: Based on performance monitoring and feedback from customers and stakeholders, organizations should regularly assess their services and cybersecurity performance to look for ways to enhance them. This could involve identifying areas for improvement, making changes to processes, and implementing best practices.
7. Documentation and Communication: Clear documentation of (cybersecurity) practices, processes, procedures, policies, and service agreements is crucial for maintaining consistency and transparency. Effective communication ensures that everyone involved is aware of roles, responsibilities, and expectations.
Here are a few Service Management practices you may be familiar with that are fundamental to operational cybersecurity delivery.
SMS IT Operating Practices that Support Cybersecurity
| | | |
|---|---|---|
| Change Management | | |
| IT Asset Management | | |
| Incident Management | | |
| Service Configuration Management | | |
| Service Level Management | | |
| Event Management | | |
| Availability Management | | |
| Continuity Management | | |
| Identity and Access Management | | • PCI DSS • GDPR - European Union regulations • CCPA (California Consumer Privacy Act) • FERPA (Family Educational Rights & Privacy |
Go to Part 1 – Get a debrief on the other half - Service Knowledge Management Systems