The VM Program and Technology Development



There is also a major technology development component to the program. This development process can also inform the previously mentioned phases. So, if we add to our diagram the technology development process, as in Figure 1, we can see a parallel set of activities.

 
Figure 1: Vulnerability management and parallel development process.

When the development of technology takes place in parallel with the organizational and procedural phases of the program, feedback must also flow upward, adjacently, and downward. Adjacently, policy development may inform engineers on how to design a system. Conversely, an innovative system design may make it possible to simplify procedures. We saw this in the previous chapter, where a systems integration effort could have a major impact in simplifying incident and change management processes. Downwardly, a subtle policy change may make coding of the system much simpler by removing an unnecessarily onerous internal audit capability. A good example of this would be an audit function that required every scan to track each action taken by the system to detect vulnerabilities. This would be an ill-informed policy, because such recording activity would overwhelm any scanning software, hardware, or supporting network with audit information that would equal or exceed the actual vulnerability information discovered. It would be more effective to consider the vulnerability result data as audit information itself.
Often overlooked, upward feedback across disciplines is quite important. For example, the development of the VM program can cause a contradiction in policy to surface. Evidence of that contradiction can be fed back into the earlier policy development phase. For example, during VM program development, it may be discovered that a particular vulnerability is simply not found on the types of systems being scanned. So, a policy that requires all systems to be scanned for UNIX® shell vulnerabilities would not apply to the part of the business that relies solely on Microsoft applications. The policy would have to be modified with words such as “where appropriate.”
The feedback from the technology development program will inform the parallel organizational program. For example, the discovery of a feature in the VM system technology may affect the intrusion prevention capability in a positive manner. So, an enhancement of the intrusion prevention policy, technology, and related procedures may be necessary. Performing this function during the earlier planning phase will naturally integrate VM into other parts of the organization as well as identify where technical planning is required to integrate with the intrusion prevention system (IPS). However, not all good ideas occur before development. It is the job of the technology project manager to work with the team to determine whether such discoveries merit additional development effort.
In Figure 1, you can see how the technology development track of the program might work in conjunction with the overall program. Try moving in all directions and consider the scenarios under which one phase may inform another.
