ABSTRACT
As introduced above, organizational management provides the executive and leadership team with the oversight necessary to ensure that the entire security program is meeting expectations. As such, it embodies a number of strategic and tactical elements of security management that are important to the overall program, and it also supports elements of security that are necessary but not addressed directly by the other features. Moreover, organizational management is responsible for establishing a coherent security strategy, one supported by a mission statement, charter, and objectives. This is important because it defines the security organization's identity to others, helps those within the security group understand their role and the direction of the group, and acts as a reference when the group is challenged to take on something different that may or may not align with its intended role. Clearly, this goes beyond the ASMA alone; it should be reflected at the strategic level so that the business can identify with the service delivery identity of the group (Table 9.1 and Figure 9.1).

Table 9.1 Organizational management interconnect table
Columns: Active Feature; Area of Security Focus; Primary Feature Interlock (Beneficiary); Intent and Expectations; Feature Input; Feature Primary Process; Secondary Feature Interaction; Targeted Areas of the Process; Feature Output; Beneficiaries of Output; Summary Description.

Active feature (all rows): Organizational Management

Area of security focus: Risk Posture Management
  Primary feature interlock (beneficiary): Risk Management
  Intent and expectations: Ensure that the overall program and all the features contribute to the management of the risk posture.
  Feature input: Results from the rapid risk assessment and the related documentation provided to governance on the overall risk posture, and the methods for measuring and managing it via security services.
  Feature primary process: Analyze the findings and activities and how they are applied by compliance management and services management.
  Secondary feature interaction: Governance
  Targeted areas of the process: Review of risk management's rapid risk assessment processes, its reporting standards to the other features, and its methods for monitoring risk posture in how services are executed.
  Feature output: A report on the alignment of risk management's activities with its intended role, and on its effectiveness and efficiency in monitoring and addressing changes in risk relative to feedback from services, compliance, and capability maturity management.
  Beneficiaries of output: Governance, Compliance Management
  Summary description: Organizational management must understand the risk posture and how risk is interpreted relative to service delivery. This is needed for policy, standards, and resource management, and to ensure that risk management is performing as expected and collaborating effectively with the other features.

Area of security focus: Compliance Posture Management
  Primary feature interlock (beneficiary): Compliance Management
  Intent and expectations: Ensure that the program and its features promote compliance activities, meet business demands for compliance, and communicate compliance status effectively to customers.
  Feature input: All results from compliance management's analysis of the other features, its recommendations and activities, and its methods for measuring compliance status.
  Feature primary process: Review compliance management's processes, methods, reporting processes, and interactions with the other features.
  Secondary feature interaction: Risk Management
  Targeted areas of the process: Compliance management's processes and standards for management, reporting, tracking, and interactions, including its specific methods for determining and monitoring improvements.
  Feature output: A report on the overall management of compliance, compliance management's adherence to processes, standards, and policy, and its role in enforcing compliance through collaboration with services management and risk management.
  Beneficiaries of output: Governance, Risk Management
  Summary description: Assurance that the overall program is compliant and that the security program is meeting expectations for corporate compliance, in support of capacity and resource management.

Area of security focus: Performance Improvement and Management
  Primary feature interlock (beneficiary): Capability Maturity Management
  Intent and expectations: Gain awareness of the effectiveness and efficiency with which policies and standards are realized, and of resource capability in delivery and management across the program.
  Feature input: All results from capability maturity management assessments, including findings, improvement activities, and innovative approaches.
  Feature primary process: Review capability maturity management's activities and processes, and its improvements to processes, standards, tools, methods, and resources.
  Secondary feature interaction: Compliance Management
  Targeted areas of the process: Specific improvement and innovation activities, and how their impact on the application of security and on achieving stated program goals and objectives is measured.
  Feature output: A report on capability maturity management's effectiveness in promoting improvement and innovation within the security organization, and in how services are defined, deployed, applied, tracked, and measured within the business.
  Beneficiaries of output: Governance, Risk Management, Compliance Management
  Summary description: Works in close collaboration with governance to establish measurements and reporting on program performance and organizational integrity.

Area of security focus: Policy and Standards Management
  Primary feature interlock (beneficiary): Compliance Management
  Intent and expectations: Ensure tight collaboration on regulatory demands, internally established expectations (policy), and program compliance.
  Feature input: All of compliance management's activities across the features in determining adherence to management practices and to the processes that support and enforce standards and policy.
  Feature primary process: Evaluate compliance management's role in assuring overall compliance with program standards and policies within the security program, and how these are reflected in service delivery and feature activities.
  Secondary feature interaction: Governance
  Targeted areas of the process: Compliance management's reports on organizational compliance, process compliance, risk and services management compliance, and regulatory compliance, including its processes for measurement, tracking, and monitoring.
  Feature output: A report on the overall management of compliance activities and their interactions with all the other features of the security program, and on the interpreted effectiveness of compliance activities in managing the posture of the organization and the business.
  Beneficiaries of output: Governance, Risk Management, Capability Maturity Management
  Summary description: Ensure alignment with program expectations and overall policy compliance and enforcement by working with services management and governance.

Area of security focus: Services Management and Orchestration
  Primary feature interlock (beneficiary): Services Management
  Intent and expectations: Work with services management to identify gaps and opportunities in the development and management of the service catalog and in the capabilities (skills, partners, etc.) needed to deliver services.
  Feature input: Results from all the other feature interactions concerning the review and analysis of the service catalog and the orchestration of service models and types.
  Feature primary process: An overall analysis of service structure and effectiveness, making the necessary adjustments to the service catalog based on information from the other features.
  Secondary feature interaction: Risk Management
  Targeted areas of the process: Working closely with governance, risk management, and capability maturity management, organizational management performs a customer-based review of service models drawing on performance, quality, risk, capability, and capacity reporting.
  Feature output: A report on the overall ability, effectiveness, and efficiency in incorporating demands from customers and inputs from the other features to ensure that service delivery methods adapt to meet the goals and objectives of the security organization and the business.
  Beneficiaries of output: Governance, Services Management, Capability Maturity Management
  Summary description: Oversee and manage the service catalog, customer interactions, and quality management, working closely with governance and services management to ensure that expectations are met and performance is monitored.
Figure 9.1 Organizational management interconnect process map.