Process

From Socology.org - The Study of Security Operations
Revision as of 04:54, 17 October 2018 by Frankangiolelli (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Process

Process is necessary to reduce Operational Ambiguity [1]. There are many resources available on process, including ITIL[2]. The scope of this Dimension is to simply know that process exists, even if it is ad-hoc.

Questions for Success

Is there an existing process to execute? The question starts with whether or not there is an existing process.

How mature is the process? There are many describers for mature processes. The CMMI Institue[3] and SOC-CMM are a starting point[4].

Are stakeholders, constituents and management aligned to that process? Internal alignment on a process, documentation of that process, a description of it as well as continuous improvement reduces friction.

Does the process deliver the desired outcome?

Is the staff aware of the process and trained on it Staff execute processes. To do that effectively, the people need to be trained, which requires Documentation and they must have the required Tooling.

Additional Layers

Process can be broken down an additional layer into the Business Process Management and Process Improvement [5].