Additional Service Operations Processes

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
3 hours 16 minutes
Difficulty
Beginner
CEU/CPE
3
Video Transcription
00:00
alright learners, we all less than 6.4 additional service operations and processes. Alright, so are learning objectives. In this video, we will cover additional service operation processes as well as the key concepts of the event types and fulfillment requests.
00:17
Alright, so access management, right so access management. It grants the authorized users the right to use this service while preventing access to non authorized users. So the purpose does not extend to determining which users require access to services and data. They only enforces those decisions on a daily basis,
00:36
so excess management must operate within the policies and actions to find
00:41
by the service strategy in the service design phases. So that's including the information security management process.
00:48
Okay,
00:51
So when we look into the objectives of access management, access management is a process which can be initiated by a service request, right. So manage access to a service based on policies and actions define in the Information Security Management, which you can see in the service design so efficiently
01:08
respond to the request by granting access to services,
01:12
changing access rights or restricting access, ensuring that the right that the right being provided or changed are properly annotated and granted. And then you can oversee access to services and to ensure the rights are being provided and not improperly being used. Okay,
01:34
so when we start going into the basic concepts of
01:38
access management, the point in terms to take away up here is definitely the access, right? So that's the level and extent of the functionality of its service users whose are entitled. And then you go into the identity, which is the information that is uniquely distinguishes a user or person or role.
01:57
And then you have your rights and your privileges,
02:00
which is the settings which such as, like rewrite, execute that a user is granted to have. And then you have your service groups, of course, is a set of services used by a user or group, and then your directory services, which is a specific tool used to manage
02:19
access and rights.
02:20
And then, of course, you already aware of our CIA, which is our confidentiality, our integrity and our availability. Now, those are definitely still important terms, toe always taking consideration when we are doing our information security management as well as these these processes. Okay,
02:38
so when we started looking into what is the scope of the access management right? So the access management enables the organization to manage the confidentiality and the availability and integrity of the organization data, intellectual property. So that's going from the information's security Management defines in that policy.
02:58
So access management
03:00
ensures that users are given the right to use the service at agreed times so that availability management ensures that service availability. And then you have the access management where it's executed by all technical and application management functions, so that the access management can be initiated by a service request
03:17
in the service deaths or the I T. Operation management can provide a single point of coordination within their
03:24
okay,
03:27
And then we start looking into what is out of scope, right? So deciding who should have the right to use that service and that, um, responsibility of strategy and design faces so notably information security, information management as well, and then ensuring the availability of that service.
03:46
Now that's the responsibility of them,
03:49
the availability management. So that is out of scope of the access management.
03:53
Okay,
03:55
so then we go into the event management process now, the purpose of this particular is more to manage events throughout their life cycles by detecting events and making sense of them and determine the appropriate control action. So to provide the basis of the operation of monitoring and control. And
04:15
it can be used to all for automating normal operations as well detecting early warning signs and failures of the sea ice.
04:24
So the purpose of it event management processes to ensure that every service provider has that ability to manage events through the life cycle so the process can be can ensure that the service provider is approaching event detection or correlation or a response management that could be proactively or plan in the planning, the plant manner. Okay,
04:44
so the part in terms is what is the event?
04:46
So is there any change of state that is significant for the management of a C I or I t service?
04:55
Okay.
04:59
And then the objectives of the information the event management process when we start looking to the objectives of it, you know, is a change of events. Events can require I t operation personnel to take action and often resulting events being logged.
05:15
So the event is a detectable and discernible occurrence that is significant
05:20
for the management of I t. Infrastructure or I t service.
05:25
Okay,
05:28
but when we started looking into here, you know, you're determining you to take the significant chances of the state of of the sea ice, and you start noting, I tell list the following objectives for the event management process as far as you know, determining the appropriate
05:43
control actions, the responses or providing those trigger to initiate other operational processes.
05:48
And also to provide the means to compare extra performance against designs in tow to provide the basis of service, insurance and reporting, which is crucial to the event management process.
06:02
So when you look into the scope of the event management, so that's more so of a can support many activities in the service providers environment. So you have the configuration items,
06:15
right? So that's the CIA that we talked about monitoring operation of states and operating the updating those those statuses software lights and since
06:24
monitoring and environmental conditions and security monitoring. So those air to the tech intrusions and fire and smoke protections okay,
06:38
and then you would go into the basic concepts of event management, and we look into those more of the alert in the event types. So the Lord is actually just a warning. That threshold has been breached, something that has changed or a failure has occurred. And then you go into the vent types, which is informational, does signify regular operations.
06:57
Then you have warnings that signify unusual operations that you may need to look into later.
07:01
And then you have your exceptions, which more of signifies the abnormal operations. Okay,
07:11
so when we look into the basic concepts even further so, as you see indicates of information that could be used by trending analysis and then the warning event, since indicating early warning information and then exceptions events indicating abnormal situations or failures that require additional follow up
07:31
and then request
07:33
fulfillment, product
07:35
request fulfillment process and the purpose of that. So so, due to the wide range of service invited environments and services, the purpose is to Maine to manage life's like of all service requests from users. So the important terms to take care is the service request is a request from a user for information or advice
07:55
for standard change or access to in service.
07:59
Okay,
08:01
so objectives of a request fulfillment. So those objectives for the request fulfillment is more in alliance to request can be broken down into a series of steps that are stored as a request from request models in the S kms. So while some
08:16
or may may let service requests be handled through their incident management processes and tools they need to be, they need to be conscious of the fact that whereas the incident is
08:24
unplanned, disruption to the business service request is something that can and should be planned for. So you handling efficient handling of those requests service and deliver those components of required services to their business
08:41
in the scope of requirements. Of course, that sometimes handled through the independent requests fulfillment, required processes and sometimes handled through the incident management and process tools.
08:50
So in summary, less than 6.4 touched on the key concepts. The process is the access management event management event types and request fulfillment.
09:01
See you soon
Up Next