Process Improvement for Management of IT-related Processes

Most organizations have objectives for quality and improvement. Enterprises want employees to continually look for opportunities that fuel effectiveness and strengthen the company. The improvement theme is both a nice to have and a basis to survive, providing a direction to get better and a model for personal behavior and work culture. The basic improvement model is one of common sense, similar to those used in psychology and coaching. It can be teamed with any process reference model.

The improvement model has evolved over time with influences from many thought leaders, good practices and industries, including Dr. Edwards Deming, a key influence with the Plan-Do-Check-Act (PDCA) cycle (preferred over Guess-Do-Pray-Hope); John Kotter with organizational change; international standards such as those from the International Organization for Standardization (ISO), ISO 90001 for Quality, ISO 20000 for IT Service Management, ISO 27001 for IT Security; COBIT, ITIL, the National Institute of Standards and Technology (NIST) and Project Management Body of Knowledge (PMBOK), all of which incorporate or support improvement themes; and, Six Sigma programs, which have an improvement phase and so should you.

How do you do it? You can hire a Six Sigma person or you can do it yourself. It’s not difficult. For most of you, read a book or gain some awareness. ISACA offers a book titled COBIT® 5 Implementation in the COBIT product family. While the focus is on implementing governance of enterprise IT, one could add an alternative title:  Process Improvement for Management of IT-related Processes.

The book highlights a cycle of phases and component parts, all building on good practices. The 7 phases of the COBIT® 5 Implementation lifecycle include:

  1. What Are the Drivers?
  2. Where Are We Now?
  3. Where Do We Want To Be?
  4. What Needs To Be Done?
  5. How Do We Get There?
  6. Did We Get There?
  7. How Do We Keep the Momentum Going?

Each phase is supported by 3 components:  program management (PM), change enablement (CE) and continual improvement (CI). This is a good practice approach.

As an example, the components of the first 3 phases include:

  1. What are the drivers?
    1. CI – Recognize the need to act
    2. CE -Establish a desire to change
    3. PM – Initiate a program
  2. Where we are today?
    1. CI – Assess the current state
    2. CE – Form a team
    3. PM – Define opportunities or challenges
  3. Where do we want to be?
    1. CI – Define the target state
    2. CE – Communicate the desired outcome
    3. PM – Define a roadmap

Each component has suggested or potential key activities, inputs and outputs. Warning:  If you miss addressing any of these phases or components, or get overly creative with the order, you might increase the risk of failure. Like software, avoid customization.

Where to Start?
Where to start? Pain points and triggers are obvious. To gain a quick win and show how it is done, consider focusing on one process—your favorite process.

The COBIT 5 Implementation book gives you a starting place—allowing you to move forward with confidence on a solid foundation. Think of it as a playbook or recipe. Project managers like the 3 components as they address areas of frequent challenge, such as change enablement. Copy and save this model into your head and project templates.

COBIT 5 Implementation offers all of us consistent context and structure for current or potential activities. It contributes to the success of you and your team. The focus is on people—all of us; up, down and across the organization in any business line.

Editor’s note:  John Jasinski holds all ISACA certifications and certificates and teaches COBIT. He is an ISACA member and has been an active volunteer at local and international levels since 2006. COBIT 5 Implementation is available as a free PDF download for ISACA members. The printed hard copy is available from the ISACA bookstore. John suggests you buy a bunch and share them with your team. COBIT is currently celebrating its 20th anniversary. Learn more here.

John Jasinski, CGEIT, CRISC, CISA, CISM, ITIL, Business Process Consultant

[ISACA Now Blog]

Tech Docs: Traps v3.4 Has Arrived

Hate your antivirus (AV) solution? You are in luck! Earlier this month we announced Traps v3.4, the next step in the evolution to replace traditional antivirus software.

This release includes several major features that enable you to take the plunge to eliminate traditional antivirus.

Trusted Signers

To ensure your legitimate files are never prevented from executing on the endpoint, Traps advanced endpoint protection now evaluates whether files are signed by a trusted signer. The list of trusted signers is based on the official trusted signer list in WildFire. That means executable files that are signed by trusted signers are exempt from additional analysis and verdict evaluation. This feature is useful in situations where unknown executable files, such as new software updates for the operating system or for applications, are signed by a trusted signer but have not, yet, been analyzed by WildFire.

Local Analysis

Local analysis uses a statistical model that was developed using machine learning on WildFire threat intelligence. Traps uses local analysis to examine hundreds of characteristics associated with an unknown executable file to determine if the file is likely to be malware. With this feature, Traps quickly analyzes and assigns a local verdict to an unknown executable file when the endpoint is offline or while waiting for the official verdict from WildFire. Traps continues to use the local verdict to block or allow the execution of the unknown executable file until the agent receives an updated verdict from the ESM Server.

Malware Remediation

Traps now takes malware protection one step further with a new capability to transparentlyquarantine malicious executable files on the endpoint. To determine if an executable file is malicious and should be quarantined, Traps uses information from the following sources: WildFire threat intelligence, local analysis, and hash control policy. When malware is identified, Traps notifies the user about the quarantined file (if you enabled user alerts), removes the malware from the local folder or removable hard-drive, and stores the file in a local quarantine folder. With this feature, you can also restore a quarantined file to its original location.

Want More?

Here are a few resources to add to your Traps v3.4 reading list!

  • New Features Guide: Your go-to resource for all the new features in Traps v3.4.
  • Administrator’s Guide: Contains installation procedures and configuration workflows to get you up and running quickly.
  • Release Notes: Provides important information about the Traps advanced endpoint protection v3.4 software including known issues and limitations.

Pro tip: On the documentation search, use the facet to filter results for only documentation about Traps v3.4.

[Palo Alto Networks Research Center]

English
Exit mobile version