MPS Provider Best Practices: Security
Today’s Goals 1. Explain the Background, Intent, and Team that created these best practices 2. Walkthrough the document at a high level for you to understand the structure and methodology of presentation. 3. Provide a Q&A on any high level questions around the document and structure.
Standards and Best Practices Team • • • • • • • • •
Paul Pedersen, Guy Brown/Committee Chair Nelson Everette, Lexmark/Committee Co-Chair Ron Alphin, ABM Federal/ MPSA Board Executive Sponsor Anthony Reisinger, Exela Technologies Brian Anderson, Netaphor Bruce Talbert, Xerox Eric Crump, Ringdale Jason Moore, Supplies Network Simon Vermooten, Guy Brown
Introduction •
Background – Confronting the unknown – Why to start? – Where to start? – Who to start? – When to Start?
• Intent – Inform – Guide – Let you know you’re not alone
Where Do I find the Document? Document can be found on MPSA website behind your login under Resources tab - http://yourmpsa.org/MPSAResources
Document Structure – – – – – – – – – – – – –
Control Panel Lock Networking Security and Firmware Governance Service Engagement Policy Secure Document Disposal Services/Data Leak Protection Secure Device Disposal Security and Compliance Assessment Software Development/Secure Remote Management/Rights Management Secure Pull Printing Secure Workflow Print Drivers Cloud Print/APPS Security Reporting and Review
Recommendation & Conclusion
Document Structure continued • Cover Page – Title, MPSA Mission, and MPSA definition of MPS • Introduction – Background, Intent, and Focus & Scope Best Practices Sections – Format: Definition, Considerations, & Benefits • Hardware & Networking Section – – – – – – – –
•
Fleet Design/Policy Design Network Security Skills/Certifications Data Storage/Security and Hard Disk Configuration Firmware/Bios – Threat Detection USB Port Security Password Management Protocols
Software – – – – –
Security and Compliance Assessment Deployment / Management / Rights Secure Pull Printing / Workflow Print Drivers / Cloud Print Reporting
MPS SERVICE FRAMEWORK: MPS COMPONENTS AND HOW THEY FALL WITHIN ITIL FRAMEWORK
SECRUITY ALIGNMENT
MPS COMPONENTS
SERVICE STRATEGY • • • • •
Assessments Document Policy Business Requests Business Case Perfect Measurements • Financial Considerations • Sourcing Decisions
• Security and Compliance Assessment
SERVICE DESIGN • • • • • • • • • • • • • • • •
• • •
Geography Onsite Inventory Management Device Monitoring/ Management User Management Technical Skills MFG Support Warranty Equipment Contract Management SLA Development Sustainability Security Multi-vendor Support Fleet Design / Policy Design Rights Management / Secure Remote Management / Software Secure Pull Printing Secure Workflow Network Security Skills / Certifications
SERVICE TRANSITION • • • • • • • •
Device Installation Device Configuration Fleet Labeling Human Change Management Implementation Plan Communication Plan Testing & Validation Knowledge Base/FAQs
• Data Storage / Security and Hard Disk Configuration • Secure Device Disposal • User Training / (Change Management)
SERVICE OPERATIONS • Ticketing • Help Desk/Support • Exception Requests • Supply Fulfillment • Break/Fix • Monitor/Manage Devices • Policy Governance • Account Delivery • Management
CONTINUAL SERVICE IMPROVEMENT • Reporting • Billing • Optimize Fleet • Optimize Behavior • Process Improvement • Workflow Improvement
• Security and • Security Reporting Firmware Governance and Review • Secure Document Disposal Services / Data Leaks Protection
Examples
Thank you for Attending! Q&A For additional questions:
Paul Pedersen Paul.Pedersen@guybrown.com