350
Chapter 9 • Finally, We’ve Arrived
Activities
Description
Role
Start Activity
This workflow is automatically created on a timed interval, which notifies the IT Staff to initiate an incident review
Timer Process
Capture AV Metrics
The IT Staff updates the workflow instance by attaching the current metrics for the previous quarter. Once submitted this flows to the Review activity for approval
IT Staff
IT Manager Review (Decision)
The IT Manager makes the decision to approve or request actions or changes as necessary to achieve approval
IT Manager
IT Approve
If the IT Manager approves the incident IT Manager report the decision will be captured and the workflow will be directed to the end activity If the IT Manager wishes to request changes IT Manager these are recorded in the workflow instance, which is then routed to the Perform Changes activity
IT Request Changes
Perform Changes
The IT Staff performs any changes requested by the IT Manager. Once changes have been made this is resubmitted to the Review activity
IT Staff
End Activity
The End activity marks the workflow as complete
<none>
Quarterly File Permissions Review It is important to review the file permissions on your financial systems to make sure that there are no security holes in the current configuration. As shown in Figure 9.10, this workflow is designed to regularly make sure that only the persons who need to have access to these systems are defined in the access control lists, weeding out any staff changes as necessary. This is a somewhat generic workflow; it is up to you to determine what files need to be monitored and the methodology for reporting on the ACLs. This might be in the form of a script that checks for specific file permissions, or if you are storing data in a document management system such as KnowledgeTree, you would glean this information from the Web administration interface.