先祝大家牛年新年快乐!
借职场宝地项目招标,寻找贵公司派出小团队管理客户端1200+台server(负责一年或以上),做Server Security Health Checking,scope如下,非常routine的需要纪律性的工作,需要要有个负责人的管理好团队,协调好各方。希望竞标的朋友物美价不贵。有意者可致电/短信联系90117122; msn/email:
[email protected]谢谢。再祝牛年大牛!
Roles and Responsibilities of Security Health Check System Administrator
Roles of Health Check System Administrator
1.Monitor Account Security Calendar for server(s) health check window opening and expiry.
2.Plan schedule for performing security health check (by account).
3.Perform Server Security Health Check (via TSCM, Script or Manual Methods)
4.Collect security health check artefacts.
5.Upload collected artefacts into security calendar
6.Upload results into ECM (Enterprise Compliance Manager)
7.Inform Account System Administrator if Deviation is detected.
8.Raise CIRATS Issue record to track Deviation and Resolution of Deviation
9.Perform deviation remediation when informed by account system administrator that change request is approved.
10.Perform Server Security Health Check again on the servers that underwent remediation.
11.Ensure server(s) are security compliant and close the health check record.
Responsibilities of Health Check System Administrator
1.Ensure Server Security Health Check for Singapore is 100% complaint on a monthly basis
2.Ensure Server Deviation for Singapore is less than 1% on a monthly basis
3.Ensure Server Security Health Check is performed according to the latest version of the security checklist.
Abstract
The following is a high level summary of the expectations of the outsourced HC team.
Monitoring / Planning
The team is to consistently monitor the health check window and plan for server HC activities in bid to achieve the HC compliance due dates.
All HC should be performed in accordance to the frequencies as depicted in the Policy Implementation Manual of each account.
Health Check Status Uploading
The team is to collect all artefacts for each server that has had a health check performed.
All artefacts collected and HC result obtained must be uploaded to the Security Calendar and ECM respectively before the closure date of the health check window for that account/server.
Health Check Remediation
The team is to perform health check recommended fixes when the raised CR is approved.
Exceptions
Exceptions to this process can be obtained if the resulting occurrence to this process is likely to cause business impact to the customer.
Example. Performing a recommended remediation is likely to cause an application to fail.
________________________________________
Scope of Work – Server Security Health Checking Process
The scope of the server health check process in Singapore SSO is as follows:
1.Checking of Server(s) Health Check Opening/Expiry Window
2.Planning Health Check (HC) schedule for servers/accounts
3.Contact Account SA to raise Change Request for scanning/performing HC on servers (certain accounts only)
4.Ensure latest version of HC checklist is used. (Latest version can be obtained from the account System Administrators)
5.Perform HC scanning on servers (If step 3 was done, proceed only when CR is approved)
6.Validate and consolidate all server scan report.
7.Collect artefacts for each server.
8.Upload artefacts to Security Calendar and upload results into ECM.
9.If there are no deviations, go to step 14.
10.If there are deviations detected in the scan, contact account SA to raise a CR to fix the deviation – similar process to step 3.
11.Raise an Issue ticket in CIRATS Database to track this deviation to closure.
12.Upon change approval (raised in step 10), perform HC remediation.
13.Perform post remediation HC scan – repeat steps 5, 6, 7 and 8 for servers that had remediation performed.
14.Contact Account Security Focal Point to inform of Health Check Completion (inclusive of result and artifact uploading.)