0 Replies Latest reply on Jan 14, 2019 10:53 AM by Mahamadou Traore

    manage security incident with ITSM 18.05

    Mahamadou Traore

      Hi Folks,

       

      In our organization, we are planning to implement security incident. We are thinking of using the new AR security model starting from 9.1 (choosing support group for Application permission Model). Obviously we are assessing the impact of this since our security model was based to company. Changing from Company to support group may brought a lot of challenge that why we are still figuring out of the side effect of this to our customer, support team, etc. We have a lot of questions now and search for answers and experiences from other.

       

      With the support group model security, we would like to manage security incident like this.

       

      1. User (client, Customer, employee, etc.)  raise a ticket to service deskp
      2. After investigation, the service desk assigned ticket to security group
      3. Security Team decide the ticket should be treat as a '' Security incident''
      4. Security Team create a new ticket '' Incident security'' and assigne to them. Customer, contact and owner group of this new ticket are all related to them so it can't view by other.
      5. The original ticket (raise by user) is related to the security incident ticket. Only member of security team has access to the security incident ticket.

      Some challenges/difficulties we will expect to face are :

       

      • By default, we have created all users with ''unrestricted access'' in CTM:People Form. We have to update all those record. Can you update this field by using Spoon ?
      • What will happen to records created with the previous application security model (Company)?
      • Setting Application model to support group will limited the use of ITSM as a knowledge base. Support team can't see tickets that are not related to them.

      Considering these challenges, is a better to just create a filter to manage security incident? If yes, how can we achieve this?

       

      What others do the manage security incident in ITMS.

       

      Best Regards