All n One - Departments - Security

From All n One's bxp software Wixi

Jump to: navigation, search

1 Intro

So what does the All n One Security Department actually do?

They provide security, update and validate processes and procedures (including business continuity / disaster recovery).

2 Primary Weekly Program Focus

Of a year there 52 weeks. Breaking these into 13 rotations of 4 weeks.

2.1 Week 1: Maintenance

Monthly maintenance on all aspects of all infrastructure.

The infrastructure is viewed in depth to spot changes and possible shifts in data. These findings are documented and held to be compliant with ISO27001/COBIT processes. These checks include:

Disk Space, Back-ups stored, Anti-Virus Checks, System optimisation software check, Spyware Scan, Windows Update Checks, Installed program review.

2.2 Week 2: Training/Testing

The generation of self-development and company training from breaking industry news articles and new industry learning identified from work in all areas.

This process involves reviewing the latest aspects in IT security from online sources and reviewing how to mitigate against the latest threats. Findings made on data protection updates are also sent onto the rest of the team to keep them up to late with the latest data protection guidelines.

Testing is completed by Thomas Glennon and it includes a range of Vulnerability tests on the service and infrastructure for bxp. Testing is completed through the inbuilt tools in Kali linux and Qualys web scanners.

2.3 Week 3: Review

Formal security review of specific / general aspects of BeX for circulation to clients. Where possible review to outsource or automate the mundane / repetitive tasks.

The IT Security department review all maintenance/vulnerability testing completed during the month to this date. Any aspects that require any additional work to be completed are then ticketed and and actioned accordingly.

2.4 Week 4: Documentation

Internal write ups for Wixi or internal process / procedure improvement.

This is completed to allow the security department to comply with auditing procedures for the implementation of ISO27001/COBIT 5.0

3 Daily Breakdown Focus

Allnone security slots.png

Variable is for operational overflow, quality assurance of new solutions, potential security review of new code, review of security of implementations.

Program is for the "Primary Weekly Program Focus" as discussed above.

4 Daily Hour Schedule (1)

  • Backup: Did the backups run, review the sizes and make recommendations
  • Scheduled Tasks: Did the tasks actually run and for failures make recommendations
  • Space: Ensure we have space, on all drives, internally and externally. Trend growth. Make recommendations where necessary.
  • Log Review: A number of devices and services have logs. Build the repository, trend and make recommendations where necessary.
  • Hamster Review: Locate exceptions and make recommendations where necessary.

5 Rotating Daily Schedule (2)

  • Web: The web servers of BeX. Reviewing logs, setup and configurations with a reporting, 404 and customisation perspective.
  • Db: The database servers of BeX. Ensuring efficiency, slow log review, security and performance reviews.
  • Client: BeX Client and Configuration review. Examine client set ups and make recommendations where required. Developing a client rotation.
  • Office: The All n One offices in Ballymount. All aspects of security, backup and infrastructure and its security.

6 Strategic Deliverables

Identify and incorporate industry best practices in collaboration with all departments.

Work into all aspects of operations:

  • ISO 270001
  • Data Protection

Defining and refining All n One Security and Infrastructure processes and procedures

Assistance in defining and refining company SLAs