One of the services that ITSM provides the customers is security. With the boom of cybercriminals, there is no dearth of threats to your business. One way to deal with security breaches is to stay prepared. In his blog, Joe the IT Guy has discussed how you can prepare a threat model to ramp up the ITSM game.
ITSM and Threat Model Creation
It is time for a threat model when you hear about data breaches, zero-day vulnerabilities, mobile phishing, etc. every day. Though it is a potential business opportunity, very few vendors offer threat modeling in the mid-market and SMB sector. However, if you are planning to ramp up ITSM, your threat model must answer the following six questions:
- What is the purpose of composing the threat model—protection, creation, operation?
- Who are the possible attackers?
- What are the ways they can attack you?
- How are the attackers going to profit from it?
- What steps is your company taking to avoid, identify, and quarantine the situations?
- Are the steps working out well for your company?
Four Phases of a Threat Model
Planning: Collect artifacts from project managers, architects, designers, operators, etc. to create a threat model blueprint for ITSM. Let them understand the importance of the process. Conduct workshops and encourage them to attend expert interviews and conferences.
Identification: To work on a threat model, you need data to prepare the contingency plan for ITSM. Leveraging this data, you can set up workshops to put them into context and legible to your employees. To engage them, you must personalize the threat as per operation, product, or service.
Evaluation: When you have got the hard data and the people engaged with the process, it is time for you to figure out the next step. Establish best practices and preventive actions based on the views the departments provide.
Share: When you have finally listed down the information, you need to share it across the organization. While upgrading ITSM products or applications, you can easily refer to the threat model to implement security measures. Your teams will prioritize processes by integrating the threat model into their culture.
To view the original article in full, visit the following link: https://www.joetheitguy.com/2018/10/17/itsm-basics-know-your-information-security-threats/