processes are the following potential issues you may encounter:
- A process being performed has no formal documentation.
- A process being performed does not match what was documented in the formal documentation.
- Operators commonly skip or ignore key documented steps in a process.
- The formal process is out of date and, if used as documented, would pose a threat to the environment.
- There are no metrics to ensure the process is being performed effectively.
- The operators have their own informal set of documentation or guidance that they use to support their function.
- Operators have no knowledge of documentation.
- There are no defined custodians of a process.
- There are no defined owners of a process.
- The owners of a process do not know they own the process.
- A process is being performed that is no longer needed.
- There are elements of the network perimeter that have no processes supporting them (hard to believe, but true).
- Monitoring and security processes only confirm what should be happening, not what could be happening and shouldn’t be (think about it).
I hope this article has been helpful in focusing your review of the processes of a network perimeter. Hope to see you next time at “The Risk Rack”.
