Category Archives: Documents

Predictive Profiling: What is your current and future risk profile?

Articles, Documents

Predictive profiling is in use from the origins of risk management in the ancient world, to new hazards and management platform treats of the industrial era, command and control models introduced in the Cold War era, to more contemporary “all-hazards” to current “risk management” approaches to a mature cloud-based document management platform that treats files as intellectual assets in businesses.

Artificial intelligence Profiling involves carrying out a risk analysis on all risk items, training continuously on different security subjects, refreshing ‘old’ knowledge and mining statistical modeling and profiling as a way of establishing identity.

Insurers use Big Data to tackle fraudulent claims through profiling and behavioural profiling, It involves predictive analytics that is used to assess likely future behaviors or events and to practical Predictive Profiling and discovering hidden insights and patterns with the help of machine learning techniques.

Identifying cause-effect relationships across the variables from more practical experiences has always been in the forefront of predictive profiling. Large data sets train machine-learning models to predict the future based across the variables and contribute to the world by designing and creating Enterprise Risk Management and Claim Settlement vulnerabilities and weaknesses.

Human Analysis is often where the ball drops as far as competitive intelligence tools are blunt, implementing risk mitigation strategies and actionable steps that will vary depending needs and models that can read masses of text and understand intent is the way forward for analysts.

Cyber security: How do you measure the effectiveness of your cyber security program?

Articles, Documents

Information security consists of the technologies, policies and practices you choose to help you execute processes Regardless of your level of cybersecurity knowledge or the resources you have, support your surrounding security metrics and the mission of cyber threat management to assess, improve, build and evolve your cyber policies.

Your cybersecurity risk management program will probably start with understanding the level of your employees’ surrounding security metrics and improve your detection capabilities and build an effective response program with your company’s cybersecurity.

You measure your organization in various domains to determine your business defence from cybercrime.

An incident management capability is the ability to provide management of computer security intrusion and disruption, visibility is critical to your security management program today and managing security can be the best change for your organization. And it is also the confidential aspect of your business where it ensures appropriate protection.

Not being able to answer these questions may cost you more than you think

Articles, Documents, Resource Hub

Not being able to answer these questions my cost you more than you think

When your consultancy assignment is all about Disaster Recovery Service Level Management (DR-SLM), you want to make sure you are well prepared.

It could be a disaster in itself when your Service Level Management process is missing vital bits, or when the agreements haven’t been signed by the proper people in the organisation. (To just name the first two things that came to mind)

To help your client in their understanding of the importance and impact of Service Level Management during a Disaster Recovery, it may be a good idea to prepare by doing an internal check.

This internal check can be done in the form of a Self Assessment. A Self Assessment gives you a current status overview, a line in the sand to give you clarity and understanding where DR-SLM adds value. This benchmark also visualizes where the weak spots / areas for improvement are, which makes it a perfect exercise before you allocate resources for an improvement project.

However, when you look at self assessment questions it’s important that you answer them based on your own personal opinion and experience. This becomes even more important when you fill out the Self Assessment with your team. Each individual in the team answers the questions differently – but keep in mind that the ultimate answer to each of these questions is:

‘In my belief, the answer to this question is clearly defined’.

If you want, you can go even further and ask for documented evidence, rather than just opinions. This will move the questionnaire more into an auditing realm as you require evidence to substantiate the answers.

Some of the most important management requirements for Disaster Recovery Service Level Management are listed below. For each of these questions, think about your current role and try to answer them truthfully.

Are these requirements identified, assessed, implemented and documented? Or is there room for improvement of Disaster Recovery Service Level Management processes in the organisation?

The management requirements are across 7 different phases, which coincide with the general life cycle of a business process. These phases loosely align with Deming’s Quality cycle: Plan – Do – Check – Act (PDCA for short).

  • Plan what you are going to do
  • Do what you planned for
  • Check / study and analyse the results of what you did in the previous step
  • Act accordingly – improve the activities, measurements and expected outcomes.

To help you to understand the style of questions you can ask during a Self Assessment, we chose a selection and placed them in the appropriate phases:

Phase 1: Recognize the value of Disaster Recovery Service Level Management for the overall business

  • Do you need any special (e.g., flood) insurance now?
  • Are the services provided by your organization identified?
  • What are the expected benefits of Disaster Recovery Service Level Management to the stakeholder?

Obviously, these questions are quite high-level as they test whether or not you recognize the value of Service Level Management and Disaster Recovery processes in general. At this stage of the organisational maturity you’re looking at the big picture of what can happen during a disaster and what the value would be of formal processes.

You also want to ensure there is a clear and obvious benefit of Disaster Recovery SLM seen by stakeholders and budget holders. Having this kind of support is crucial at any stage of the project, but especially at the start.

Phase 2: Define what Disaster Recovery Service Level Management means within the context of our business

  • What are the compelling stakeholder reasons for embarking on Disaster Recovery Service Level Management?
  • Exactly what type of expertise is required?
  • What critical operational or security controls require implementation prior to recovery?

The next phase is a step up in the business process maturity. There is a clear understanding of the value of Service Level Management in the context of Disaster recovery but we now need to identify what that means for our business.

The discussions with the executive team and the stakeholders should be more targeted towards the specific benefits for the business. Create clear definitions of the input, expectations and output for the processes. Ensuring that the expectations and deliverables are clearly defined within the boundaries of the business requires strategic thinking.

This step takes the whole program beyond a ‘cookie cutter’ approach. Especially when you think about Disaster recovery processes it is important to do everything within the business requirements. Skipping this step may cause you to spend too many resources on tasks and deliverables that do not provide any added value to the business.

Phase 3: Measure How Disaster Recovery Service Level Management is currently performed

  • How large is the gap between current performance and the customer-specified (goal) performance?
  • Are disaster recovery and business continuity programs based upon a business impact analysis?
  • Are there current service level agreements/documents of understanding with all service providers for your critical business processes?

When you start doing the Self Assessment you will most likely realise that you already do some of the activities around Disaster Recovery Service Level Management. Just because you didn’t officially name the processes doesn’t mean nobody thought about doing this.

That’s why these self assessment questions are so valuable. It brings out in the open the decisions that have already been made, the processes and activities that are already providing value. So don’t think a self assessment is only to find out the gaps, or to realise there is so much more you need to do. Also consider doing this self assessment to find out where to celebrate your successes.

Most of the time though, going through a self assessment like this will create the realisation that while you’re already doing some of the steps, the activities need to be consolidated and delivered more consciously to achieve better results for the business.

Phase 4: Analyze how Disaster Recovery Service Level Management is performing

  • Were any designed experiments used to generate additional insight into the data analysis?
  • Does the DRP designate the retrieval procedures of the stored data?
  • Do you have formal agreements for an alternate processing site and equipment should the need arise to relocate operations?

It’s one thing to measure what you currently do, but the raw data won’t give you insight in the benefits for the organisation. That’s why you need to have structural analysis processes to turn the raw data into information that makes sense for Disaster Recovery.

Running Disaster Recovery Service Level Management is all about consciously taken decisions. You need to document what you do and why so that when (if) the disaster occurs everybody knows exactly what is going to happen. This takes the uncertainty out of a very stressful situation.

Phase 5: Improve the disaster Recovery Service Level Management processes

  • Were any criteria developed to assist the team in testing and evaluating potential solutions?
  • How much of the IT effort goes to firefighting rather than enabling business improvements?
  • Are there policies in place to address post-disaster redevelopment?

It goes without saying that the self assessment will uncover many areas for improvement.

Some of the improvements will focus on the technical infrastructure and how you create agreements to keep utilizing the technology during a disaster. Many improvements however are around the continuity of the processes and procedures. For example question about the policies to address post-disaster redevelopment.

The improvement projects will help shift your business from a reactive approach to DR-SLM to a more proactive approach. The proactive approach helps the business with the risk mitigation and management strategies and to forecast the potential impact of disasters on the future of the business.

Service Level Management and the Service Level Agreements play an important role in this shift as it helps to understand what everybody’s role is in case of a disaster and where the responsibilities lie for the steps taken to continue to deliver the service and to manage expectations.

Phase 6: Control the Disaster Recovery Service Level Management processes

  • How should your organization prioritize DR/BC planning with so many other important priorities?
  • Which process must consider Business Continuity Plans as a major part of its own planning?
  • Do individuals responsible for contingency planning understand responsibilities?

It’s one thing to have a plan that is supported by processes, it’s a totally different level of sophistication to have control over every step in the process.
To control the outcomes and the various deliverables of DR-SLM, you need to appreciate and understand the interdependencies of the various business processes. You also need to check the dependency on internal and external suppliers, especially where Service Level Agreements are concerned.

Phase 7: Sustain the Disaster Recovery Service Level Management Objectives

  • Who does what for DR plan maintenance?
  • Do you have an adequate level of skills and competencies to manage the current and planned workload?
  • What happens if a key supplier suddenly shuts its doors ?
  • Are enterprise and IT objectives linked and synchronised?

The final maturity phase in the Self assessment looks mainly towards the future. How can we control the quality level and outcomes of the processes around disaster recovery and service level management? How can we sustain the way we deliver the expected level of services, even when the business scales? How do we anticipate the response to a disaster even when there are many new external influences?

All these questions need to be considered. It doesn’t matter that you don’t have clearly defined answers to these questions (yet), at least now you know that these questions matter and that this is something that you may need to look into for the future strength of the company.

By now you have an appreciation for the fact that these questions provide the basis for important strategic and tactical discussions, while offering a clear pragmatic approach to the implementation of the ideas for improvement.

You won’t be able to answer all 1000 questions, that’s not the intent behind the self assessment. The idea is to identify the questions you must have an answer to, to avoid expensive mistakes or oversight in relation to your Service Level Agreements within the context of Disaster Recovery.

When you perform these self assessments with regular intervals, they will give valuable insight into the growth in business process maturity, and tangible benefits from the implementation projects. Closing the loop back to the stakeholders and those responsible for the budget allocation becomes easier and with better business context.

Article by Ivanka Menken, CEO The Art of Service, author of Disaster Recovery Service Level Management  Self Assessment Guide.

______________

Bio:

Ivanka Menken is a serial entrepreneur and the owner and Co-Founder of The Art of Service since 2000.  Ivanka specialises in creating organisations that manage their services in a sustainable and customer driven manner. With 20+ years of management consultancy experience and an education degree, Ivanka has been instrumental in many organisational change management projects in The Netherlands, USA, Canada, New Zealand and Australia for both government agencies and private corporations.

Ivanka beliefs that education and training is at the foundation of every successful enterprise. Ivanka has been a guest lecturer for a number of Queensland universities on the subject of IT Service Management and Organisational Change Management and proudly featured as one of “Australia’s 50 Influential Women Entrepreneurs” in 2016.

While running The Art of Service, Ivanka authored a number of publications on IT Service Management, Cloud Computing and Customer Service. She also completed her Entrepreneurial Masters Program at MIT and served on the board as the second ever female President of the local Entrepreneur’s Organization chapter.

Link to Disaster Recovery Service Level Management Self Assessment book: store.theartofservice.com/disaster-recovery-service-level-management-assessment-toolkit-best-practice-templates-step-by-step-work-plans-and-maturity-diagnostics/

What you don’t know about Mobile Security

Articles, Documents, Resource Hub, Standard Requirement Self Assessment Information

When we’ve been working in the same industry for a while, you get used to knowing a lot about a specific subject.

For example: You’re a security Management expert, you have all your qualifications and certifications that make you very wanted in this field.
People (clients) look at you as the subject matter expert because, let’s face it – your LinkedIn profile shows all the right experience and education.
You don’t even think about it, because it has become second nature.

Easy to get complacent at this stage – you still read articles about security and you have an interest in mobile security so you pay a bit more attention to that. But in reality you’re just super busy with all the engagements you have booked to dive deeply into the matter.

On top of that, you don’t really know what you don’t know. You know a lot – but not everything.. so how do you find out what the best way is to allocate your effort when you want to learn something new about Mobile Security? (or any type of security for that matter).

That’s why we at The Art of Service created the Mobile Security Self Assessment Toolkit. Because we’ve all been there… and we want to help you break through this challenge.

The toolkits consist of 3 different sets of questions about Mobile Security. These questions help you with your clients or your teams, to get them thinking about Mobile Security or the definition of this within the context of their business.

The questions are organised based on an increasing level of maturity of the business processes surrounding Mobile Security:

  1. Recognise – at this level you recognise that there is such a thing as Mobile Security and that it may have an impact on your business or career.
  2. Define – Once you understand the applicability of Mobile Security for your business it is time to define what it really means in the context of your business processes and customer service deliverables.
  3. Measure – Identify how you measure and who measures what within the business and suppliers’ organisation to help you understand the performance of Mobile Security
  4. Analyse – It’s not enough to measure, you need to do something with the raw data. Analyse it and map it against KPIs and metrics or benchmarks that you’ve identified earlier in the Define step.
  5. Improve – Now is the time to improve the business processes surrounding Mobile Security. Take a structured approach to this improvement step and don’t try to do too much at the same time.
  6. Control – This level is all about the control you have over each step in the business processes. How can you control the trigger responses, the process activities, the deliverables and results to make the process predictable and controlled.
  7. Sustain – Now that we have control of the business processes surrounding Mobile Security it’s time to look into the way to sustain the results.

How can you use these questions? (being the subject Matter Expert)

There are a number of ways you can use the questions in the Self Assessment Toolkit. To be honest – the name says it all… Self Assessment.
Go through the questionnaire and randomly pick a couple of questions. Can you answer those questions for your current organisation without having to look for the answer online?

For Example:

Recognize – What is the underlying issue behind endpoint security and why is it becoming more difficult for companies to address it?

Define – Do the security policy and procedures clearly define information security responsibilities for all personnel?

Measure – How is the value delivered by Mobile Security being measured?

Analyse – Which users are working with the enterprises most sensitive data on mobile endpoints?

Improve – How much tolerance for risk do you have?

Control – Are all router, switches, wireless access points, and firewall configurations secured and do they conform to documented security standards?

Sustain – What are the most critical application security testing elements to add to CI/CD work ows?

These are just a small number of questions from a total of almost 1000 questions relating to Mobile Security.

You can also use these questionnaires to perform a self assessment with your team or with the stakeholders in the organisation. It is not a knowledge test, when you use these questions for your team or client you frame the question as follows:

In your belief, is the answer to the following question clearly defined

This will help with finding the gaps in the business processes and the assumptions made in relation to Mobile security in the organisation.

Going through these questions will unearth exactly what you don’t know about Mobile Security, especially in the context of your business (or your client’s organisation). And because you have a list of questions to choose from, you’ll be surprised at the un-expected gaps in your knowledge, understanding and definitions surrounding the business processes of Mobile Security.

Want to know more about the Mobile Security Self Assessment Toolkit? Check it out in our store.

In this 26 minute presentation Ivanka Menken (co-Founder of The Art of Service) walks you through a proven approach to find these gaps and how to use them to your advantage.

What question can I ask my team to improve our Help Desk Management?

Articles, Documents, Resource Hub, Standard Requirement Self Assessment Information

What is a great question to ask about Help Desk Management?

Effective and efficient Help Desk Management is important for a wide range of businesses and companies. Private and Public companies use Help Desks and Service Desks to stay in touch with their customers, Irrespective of them being for profit or not for profit. 

Running a smooth help desk is not just important for IT departments and companies, it is an important skill set for many different industries. A successful help desk creates improved customer satisfaction as well as an improved business image. After all, we all make mistakes and unforeseen things happen but it’s how you handle the impact is what separates the successful companies from their lesser counterparts.

That’s why this month (March 2019) one of the Self Assessment Toolkits is the Help Desk Management (Available for Silver and Gold Level Subscribers).

Let’s take a deep dive into this toolkit and how the questions help you to identify the effectiveness and efficiency of the Help Desk at your work (or your customer’s )

In this toolkit there are 3 different sets of questions:

  1. Checklists

The questions in the checklist are useful if you need a selection of questions in relation to Incidents, Management or Service. These checklists are specifically for those topics. For example, with your team you can go through the questions to identify if you’ve missed certain aspects of Incident management.
You can also use these checklists to quickly find areas where you can improve. These areas will be mostly around measurement, analysis and documentation. It’s one thing to be able to guess the answer to the question – the challenge is to find the correct and documented answer.

In this checklist you will find questions like:

  • What do outages and major incidents cost you?
  • How quickly are you responding to incidents?
  • Who has the ultimate responsibility in case of a cyber incident?

2) Self Assessment Questionnaire.

In STEP 2 you will find a PDF book with a full Self Assessment and an Excel Spreadsheet with up to 1000 unique and specific questions in relation to improving the management of a Help Desk.

The Self Assessment questions are organised based on the maturity level of the business processes in the organisation.

For the benefit of the Self Assessment questionnaires, we identified 7 levels of process maturity:

  • Recognise —> You recognise that Help Desk Management is a thing and that it may be of interest to you and your organisation.
  • Define —> Now that you know that you need to invest in a more robust Help Desk Management system you need to define what this means to you and your organisation. What are the timelines you accept for incident handling? What are the definitions of a customer, VIP customer etc.?
    This section is important to set the foundation for improvement projects down the track, ensuring you don’t waste time and money by implementing the wrong thing for the company.
  • Measure —> You have a Help Desk and a management system in place, but are you measuring the tasks and activities? How well do you document your measurements, and are you considering dependencies between measurements? To what level of granularity do you need to measure and report in relation to Help Desk Management?
  • Analyse —> Measuring is great, but the raw data doesn’t tell the story. What type of analysis do you perform around Help Desk Management?
  • Improve —> Now that you have an analysis of the measurements that you’ve taken about your Help Desk Management system you can start planning for your improvement projects. How can you implement ongoing and continual improvement as a second nature in all your processes? What needs to be done to achieve this?
  • Control —> Once you achieve this level of maturity it becomes all about controlling the input, the activities and the output. How can we control every step in the management system so we can proactively change course when we feel things are going off the rails?
  • Sustain —> The ultimate level of maturity and sophistication. It’s (relatively) easy to achieve a result once, but can you sustain this level of quality without negative side effects?

The questions in this questionnaire help you improve the Help Desk Management processes as you’re getting a deeper understanding of the process maturity across various areas in the organisation (or even between individuals). It helps to identify the gaps in knowledge, processes and documentation. 

You can use the questionnaire ‘as is’ to perform a Self Assessment in the organisation. Or you select a number of questions as the basis of an executive presentation or white paper to start a conversation about the Help Desk Management Processes that are currently in operation in the business.

You can also randomly select a question to use as a communication starter at your weekly meetings with the Help Desk team. 

NOTE: The questionnaire can be a bit overwhelming, especially when you’re looking at 1000 questions. It’s quite OK to cherry pick a number of questions from each section to have a more manageable sub-set of the questions to go through with your team. Also – make sure you mention to your team that they can skip questions they don’t understand or that don’t make sense in the context of the Help Desk you’re running in the company.

3) Implement, Track, Follow up and Revise Strategy

The questions in this section of the Self Assessment all focus on the implementation of Help Desk Management process activities and how to track the results. We recognise that most of our clients will use a specific project management methodology or toolset already in their organisation. But it never hurts to have a fresh look at the specific questions to ask at the different stages of an implementation project.

For example, as part to the Executing Process Group there are questions about change requests, quality audit, team performance assessment and Issue logs.


For example, in the Team Performance Assessment checklist you can find questions like:

  • To what degree can all members engage in open and interactive conversations?
  • How do you keep key people outside the group informed about its accomplishments?
  • To what degree are the goals ambitious?
Walk Through of the Help Desk Management Self Assessment Toolkit

Want the Help Desk Management Self Assessment Toolkit at 60% discount? Sign up as a The Art of Service Member.