become-itil-foundation-certified-abhinav-kaiser(www.ebook-dl.com)
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Chapter 7 ■ Service Operations<br />
• Comply with the request fulfillment management process<br />
controls in providing, revoking, and changing accesses<br />
• Ensure users’ access is not exploited or improperly used<br />
7.5.5.2 Scope of Access Management<br />
Access management’s scope covers the length and breadth of IT services provided to the<br />
customer and its related <strong>com</strong>ponents. For examples, if the service offered to a customer<br />
is related to financial services, this includes all access to applications that fall under<br />
the financial services, access to administration of servers and switches that enable the<br />
service, access to security bays, among others.<br />
Access management is usually a part of the request fulfillment process. It is highly<br />
unlikely that people would be deployed just to provide access. Access management<br />
activities will be grouped with other service request fulfillment activities, and the groups<br />
that fulfill service requests will be given the responsibility for providing access as well.<br />
Providing access manually is be<strong>com</strong>ing rare and could soon <strong>be<strong>com</strong>e</strong> a thing of the<br />
past. Access is grouped with the roles in the organization, and assignment of various roles<br />
by the human resources department will automatically provide access. This is possible<br />
through the identity management tools that integrate with various applications through<br />
plug-ins and are powered to provide and revoke access based on the assigned roles.<br />
Access also <strong>com</strong>es in different flavors. Generally, you have the following accesses<br />
<strong>com</strong>monly assigned:<br />
• Read only access<br />
• Modify access<br />
• Create access<br />
• Super user access (includes deletion)<br />
• Administrator access<br />
The scope for providing, altering, and revoking access is derived from the<br />
information security policy and process. As I discussed under the information security<br />
management process, the process strictly adheres to confidentiality, integrity, and<br />
availability parameters. However, the access management process is only responsible for<br />
the confidentiality part of information security.<br />
7.6 Functions<br />
In Chapter 1 I briefly discussed the concept of functions and how they interface with<br />
processes. To reiterate, think of functions as a team or group of people who carry out<br />
process activities. In the IT industry, there are generally several teams: Unix team, Wintel<br />
team, SAP team, JAVA team, and Network team, to name a few. Each of these teams has a<br />
function, and their work is driven through processes. For example, the network team will<br />
work on incidents when a network incident is detected. And they also work on network<br />
changes, say if a switch is getting replaced.<br />
190