Intelligent CIO APAC Issue 31 | Page 46

CIO OPINION
Capability maturity, case management and collaboration
The use of a CMM can help organizations avoid premature use of automation, and can be used to underpin decision-making as to which parts of operations require a higher degree of human agency or involvement.
All CMMs have five distinct levels: initial, repeatable, defined, managed and optimizing.
At the initial stage, processes may be new, undocumented and single-person dependent, resulting in ad hoc execution. The immediate step is to document at least parts of the process so that they look repeatable, so they won’t be performed differently each time.
Security teams that automate prematurely often move from repeatable (level two) to optimizing (level five), skipping two important middle steps. They end up automating processes that are not yet standardized and that haven’t been proven capable from repeated use over time.
By following a CMM, teams can better define and test a process before attempting to automate it. Performing the interim steps may also lead teams in a different direction, which is likely to lead to a more judicious overall use of automation.
A collaboration and case management solution has a part to play in this, ensuring that the more people-driven aspects of security operations are well-supported and that the workflow of human-machine elements is mapped out and understood. In these solutions, teams set up repeatable workflows and playbooks for dealing with different types of alerts or incidents.
Detailed workflow mapping means everyone understands their contribution and the different skills of the team can be used effectively. The cognitive burden on senior responders is reduced by not having to remember everything, and less experienced team members can be more productive and independent. These process improvements lead to better, faster and more consistent security operations.