
Thursday, September 20, 2007

CSIRT Management: Problem-tracking software


Network World's Security Strategies Newsletter, 09/20/07

By M. E. Kabay

As I mentioned in my last column, I am presenting three articles (this is No. 2) based on the work of some of my graduate students during class discussions in a course on computer security incident response team (CSIRT) management. What follows is another edited segment based on a summary written by students Mani Akella and Rick Tuttle.

Today’s topic is help desk software.

* * *

Based on group postings, the most-used software for problem reporting and tracking is BMC Remedy Service Management by a fair margin. The group reported using other software, including Numara Track-It!, Support Magic, Help Box, Heat Service and Support, and Open Source Ticket Request System (OTRS).

However, cohort members reported many issues with Remedy that make using it difficult at times. Part of the problem seems to be the number of interface options available for the product - normally a Good Thing. Some Remedy implementations lack a Web interface, limiting end-user input. Other postings decried the lack of an efficient GUI design; organizations have to customize their installation to fit their individual needs.

One can interpret the lack of an efficient GUI design, coupled with the capability to customize, as both a feature and a flaw. It is a valuable feature because BMC is responding to the wide variation in individual organizations’ needs; it is a challenge to create a single interface that meets everyone’s preferences. However, it is a flaw for small organizations that lack the workforce, ability, or desire to customize commercial off-the-shelf software, thus reducing Remedy’s marketability. One class member suggested that BMC could improve its usability and product acceptance by providing three templates:

* Complete (today’s default)
* A more specialized version for help desk and asset management
* A single-screen help desk only for small outfits

An interesting sub-discussion focused on a case where one IT manager disbanded the help desk after implementing user-facing help desk software. The manager’s expectation was that each user would use the software to report issues. He expected the software’s built-in triage function to route the issues to appropriate support teams. The manager believed that both users and IT staff would monitor system reports to track status.

This perception eliminated effective service to those users who could not or would not use the software. This viewpoint also provided no capability for dynamic re-prioritization or a method to correct routing of misreported issues.

* * *

MK adds: The case of the disappearing help desk should remind readers to _test_ new approaches to operational problems before implementing them in production. The hopeful manager could have avoided some of the problems described above by running a pilot project with a few users instead of replacing the help desk outright. Preliminary findings could have prevented the fiasco and prevented a loss of credibility for the team.

In the third and last part of this series, Mani and Rick summarize some interesting issues about triage and politics.

* * *

Mani Akella, CISSP, is President and Technical Director at Consultantgurus, a Bridgewater, N.J., organization focused on providing Information Assurance and Surveillance services to its clients. He can be reached via e-mail. His personal blog is here.

Rick Tuttle is a project manager at Sasol North America Inc., a Houston chemical manufacturing company. He manages desktop software deployment, including security patches and updates, and supports the company’s business continuity and compliance efforts. Rick can be reached by e-mail.



Contact the author:

M. E. Kabay, Ph.D., CISSP-ISSMP, is Associate Professor of Information Assurance and CTO of the School of Graduate Studies at Norwich University in Northfield, Vt. Mich can be reached by e-mail and his Web site.




Copyright Network World, Inc., 2007
