Module 1: People Process & Technology

by
Contents hide
1 INTRODUCTION – People Process & Technology
2 WELCOME TO PEOPLE, PROCESS AND OPERATING SYSTEM FUNDAMENTALS FOR CYBERSECURITY
3 FRAMEWORKS, POLICIES AND ROLES
4 BUSINESS PROCESS MANAGEMENT AND IT INFRASTRUCTURE LIBRARY BASICS
5 PEOPLE, PROCESS AND TECHNOLOGY
6 CONCLUSION – People Process & Technology
Spread the love

INTRODUCTION – People Process & Technology

The module elaborates on the general structure of security organization and possible use of a service management, in which the service is developer of the provision for both addressing and responsiveness to cybersecurity threats within an organization. Such topics as the standard ITIL processes are part of this study.

Learning Objectives:

  • Elaborate on each phase of the ITIL lifecycle
  • Define Information Technology Infrastructure Library (ITIL)
  • Summarize continual process improvement
  • Discuss typical metrics for process performance Articulate what makes a process successful
  • Describe standard process roles
  • Define process in the context of business management and describe its attributes
  • Define Security Operations Center (SOC)
  • Discuss typical roles in an information security department
  • Discuss objectives of frameworks, baselines, and best practices in cybersecurity
  • Define IT security

WELCOME TO PEOPLE, PROCESS AND OPERATING SYSTEM FUNDAMENTALS FOR CYBERSECURITY

1. In the video Welcome to People, Process and Operating System Fundamentals for Cybersecurity, Alex mentions especially needing which two (2) technical skills and which two (2) soft skills?

  • Networking and Programming
  • Effective Communications and Critical Thinking (CORRECT)
  • Teamwork and Public Speaking
  • Leadership and Organization
  • Firewalls and Antivirus (CORRECT)
  • System administration and Scripting

Partially correct! These two are the outstanding soft skills identified as being especially significant.

Partially correct! These, therefore, are the two really important technical skills, highlighted.

2. The statement: “The protection of computer systems from theft or damage to the hardware, software or information on them, as well as from disruption or misdirection of the services they provide.” Is a good definition for what?

  • IT Security (CORRECT)
  • The CIA Triad.
  • The Open Web Application Security Project (OWASP) Framework.
  • The Information Technology Infrastructure Library (ITIL) framework.
  • The Business Process Management Framework.

Correct! this is one good definition of IT Security.

FRAMEWORKS, POLICIES AND ROLES

1. When looking at security standards and compliance, which three (3) are characteristics of best practices, baselines and frameworks?

  • They are used to improved controls, methodologies and governance for the IT department. (CORRECT)
  • They enforce government, industry or client regulations.
  • They are rules to follow for a specific industry.
  • They help translate the business needs into technical or operational needs. (CORRECT)
  • They seek to improve performance, controls and metrics. (CORRECT)

Partially correct! Best practices, frameworks, and baseline documents serve to provide organized guidance and standardized routes through which organizations may build and deploy their security in a manner that is most effective and consistent.

2. Which three (3) of these roles would likely exist in an Information Security organization?

  • Product Development Manager
  • Regional Sales Executive
  • Vulnerability Assessor (CORRECT)
  • Director of Human Resources
  • CISO, Chief Information Security Officer (CORRECT)
  • Information Security Architect (CORRECT)

Partially correct! These positions are usually found in the information security personnel.

BUSINESS PROCESS MANAGEMENT AND IT INFRASTRUCTURE LIBRARY BASICS

1. In the video Introduction to Process, which three (3) items were called out as critical to the success of a Security Operations Center (SOC)?

  • People (CORRECT)
  • Tools (CORRECT)
  • Process (CORRECT)
  • Bandwidth
  • Faraday Cages
  • Uninterruptible Power Supplies for all critical systems.

Partially correct! Awesome! Would you mind sharing the other two roles? I can definitely help recast or further elaborate on those as well, if you like.

2. Process performance metrics typically measure items in which four (4) categories?

  • Rework (CORRECT)
  • Cost (CORRECT)
  • Injuries
  • Quality (defect rate) (CORRECT)
  • Backlog of pending orders
  • Cycle time (CORRECT)
  • Parts Inventory on hand

Partially correct! Yes, this was one of the four categories.

3. Service Portfolio Management, Financial Management, Demand Management and Business Relationship Management belong to which ITIL Service Lifecycle Phase?

  • Service Operations
  • Service Transition
  • Service Improvement
  • Service Strategy (CORRECT)
  • Service Design

Correct! This is the ITIL Lifecycle Phase for the items listed.

4. Log, Assign, Track, Categorize, Prioritize, Resolve and Close are all steps in which ITIL process?

  • Event Management
  • Change Management
  • Incident Management (CORRECT)
  • Problem Management

Correct! These tasks do belong to Incident Management.

5. What critical item is noted when discussing process roles?

  • Separation of duties is critical (CORRECT)
  • Approver should be the requestor
  • Approver should be the supplier

Correct, The one who authorizes a request can’t be the one who requests it.

PEOPLE, PROCESS AND TECHNOLOGY

1. The process in ITIL where changes are released to an IT environment is called what?

  • Release Management (CORRECT)
  • Incident Management
  • Problem Management
  • Change Management

2. Which service management process has the responsibility of understanding the root cause of a problem?

  • Problem Management (CORRECT)
  • Incident Management
  • Change Management
  • Configuration Management

3. In the video What is IT Security, Elio Sanabria Echeverria put forth a definition that included which factors?

  • The protection of computer hardware.
  • The protection of computer software.
  • The protection of data.
  • The disruption or misdirection of services provided by your systems.
  • All of the above. (CORRECT)

4. This description belongs to which information security role? “This position is in charge of testing the effectiveness of computer information systems, including the security of the systems and reports their findings.”

  • Information Security Auditor (CORRECT)
  • Information Security Architect
  • Information Security Analyst
  • Chief Information Security Officer

5. Which of these statements most accurately conveys what was stated in the video Introduction to Process?

  • Solid and well documented security processes are making the role of the security analyst increasingly obsolete.
  • As volumes of security alerts and false positives grow, more burden is placed upon Security Analysts & Incident Response teams. (CORRECT)
  • As security monitoring and analysis tools advance and incorporate artificial intelligence, Information Security organizations are challenged to find new work for underutilized security analysts.

6. Event Management, Incident Management, and Problem Management belong to which ITIL Service Lifecycle Phase? 

  • Service Operations (CORRECT)
  • Service Improvement
  • Service Design
  • Service Transition
  • Service Strategy

7. Maintaining Information Security Policy (ISP) and specific security policies that address each aspect of strategy, objectives and regulations is the part of which ITIL process?

  • Information Security Management (CORRECT)
  • Problem Management
  • Service Level Management
  • Change Management

CONCLUSION – People Process & Technology

Thus, this module provides a broad introduction to an average security organization and an analysis of how the service management framework is useful for the advice or response plans of cybersecurity. Learners can also discover effective processes in terms of ITIL standard so that they can understand improved security measures in dealing with cyber threats.

Leave a Comment