next section moving right along through chapter five. And this is really the topic of Chapter five, which is operations management.
So when we talk specifically about operations management, we have various categories that we have to talk about. So I'm gonna condensed everything on this one slide just to make sure that we're all on the same page. And once again, many of these topics have been covered in much more depth
in other sections. So this is also gonna be just kind of a review. So when we talk about operations, management is, of course responsible for the security of our data. And when we talk about data security, we think about the C I. A. Try it right. We think about confidentiality. We think about integrity
So am I providing those three service is for information
configuration and configuration management
document document document. So
I purchased a server. What is the existing configuration of the server, what with steps that we take. How do we baseline that server? What does that mean? What are the processes that we go through for change? Because change management and its processes fall right in line with configuration management making sure that no one authorized changes happen and that unauthorized changes happen. There's a specific process
and that we follow those processes or that process, and we can go back and evaluate the process.
Incident response will talk about incident response of our to talk about that a little bit. But the goal with incident response is, of course, minimize the impact on the organization. So when we talk about minimizing the impact, we have to plan for instant response.
We have to make sure that our people are trained, that we have the right procedures. We have the right tools we have to be able to identify. An incident has happened,
right? We have to collect evidence of necessary. Now that's gonna kind of move more into forensics. So what you'll see is there's there's incident response focused on minimizing the loss. Then we shift into forensics, which may very well need toe happen.
Uh, and we shift our process into thinking about collecting evidence 2% in court. But the bottom line for both is
well trained staff. Good preparations, the proper tools documented expectations for the team knowing what to do, what not to do so those will go hand in hand release in deployment. So we developed software, for instance.
At what step do we release that software in the operation?
How do we deploy it? Well, what has to happen? First, we've got to start with the secure software development Life cycle. And within that lifecycle, security has to be implemented every step of the way. Right immediately. We're thinking about security risks from our feasibility study,
right? And all the way throughout the development. We, uh, right. Secure code. We test to see if the code is secure.
Ah, would you? Vulnerability assessments than Penn casts. If the software passes those tests, we now have a certified product that then goes to management. And if management wants to implement the product they credit or authorizing, we get, then go to deployment.
Based on a pre defined set of process, it's making sure we follow those processes.
Process, process, process. Always the right answer. If you have a problem with the product, it's really a problem with the process.
All right. Service level agreement. We have counted the beauty of third party governance and how very essential it is that we have an element that manages how we enter into contracts, how we handle procurement and cure mint documents
and how we evaluate our vendors, how we select our Venator's, how we monitor our vendors. That's all the responsibility. Third party governments, those processes
capacity talk about capacity, being able to grow that idea of elasticity that if I need more resource, is I have them available. Big benefit of the cloud
disaster in recovery. And that's recovering business continuity. We talked about that early. It may have been it may have been from the very beginning back in the first chapter, but I knew it was in an earlier chapter that we talked about this. But
once again, the key to successful continuity and disaster recovery is planning.
You can't plan for a disaster while it's happening, and disaster recovery does not. Should not look like everybody yelling and running around arms in the air, right. We should have a step by step plan, so redundancy helps us
when we talk about planning. Being able to assess criticality of our resource is
having a well written plan that helps us restore resource is based on their criticality, with our focus of the long term health and of the organization is a hole to keep on going
and then also last mentioned here. But there are many other things that are part of operations. We know that, but continual service improvement aren't there ways we can get better? Aren't there ways we can be more efficient? Can we shave some of the process off again? We don't sacrifice
the quality of the product by saving time in process. We've got to find that balance, but always looking at ways that we can get better. This was, um uh, this is referred to a term caisson, and that's in the Japanese automobile industries where that really initiated and it's all about continual
So that's just sort of a summary of the ideas of operations management. And one of the things that will need to talk about it really falls under this Category two but deserves its own time in space. Is risk management