SPM: Leveraging BPM for Security Process Management

Information Security Process Software

Today’s Information Security professionals are constantly confronted with new and complex challenges, and agility has become a core requirement to battle today’s threats. With numerous systems to manage the technical side of the security house, many organizations fall short when it comes to managing the “people-side” of the process. Facilitating human-to-system interaction and tracking tasks can be challenging at best. How do you ensure set processes are followed and completed in a timely manner when that “Zero Day” threat is identified? How do you make sure nothing falls through the cracks in testing after that firewall update?

In steps the Business Process Management (BPM) platform. Below are 5 core areas IT departments can leverage in these systems to help narrow the gap and reduce risk:

  •  People and Process, Process, Process – creating a repeatable and standardized process that can be implemented, executed, controlled, tracked and audited is an absolute requirement in the security realm. But how far can you take spreadsheets, email and meetings? With BPM workflow, forms and reports, security processes can be rapidly executed and tracked, minimizing any threat's window of opportunity.
     [Image: Security Process Management in K2]
     [Image: Firewall Update Task Assignments in K2]
  •  Cross System Integration – In today’s world, even the simplest of tasks requires individuals to touch multiple systems. The more automated we can make any process, the better. Take, for example, the exit of an employee: accounts disabled, mailbox archived, building access revoked, external system access disabled, and on and on. Active Directory, Exchange, the key fob system and Dropbox are just a few of the systems that need to be managed. With modern-day BPM, a robust data and integration layer can provide a seamless workflow to immediately disable accounts.
  •  Consolidating the Interface – Having a single, consolidated interface to manage security operations and make timely decisions can be critical. With “Smart Form” technology, multiple systems can be presented in a single information and decision-making dashboard to provide the data required when it is needed.
  •  Communication – Assigning tasks and timely communication can be critical during any security operation or event.  With BPM, communications through email and text can be automated, and the assignment of tasks can be done through a consolidated worklist for teams, or through individual assignment.  Escalations can also be automated if tasks fail to meet a required timeline, and steps can be taken to adjust the process.
  •  Audit and Reporting – With BPM, everything is tracked and can be audited. Process data can be merged with other information to review any evolution, find weaknesses and improve the overall operation of any security team. Real-time information through reports can also help managers identify issues immediately and take action.

The video below is a quick overview of some of the use cases for BPM in Information Security:


These are just a few of the benefits a Business Process Management/Business Process Applications platform can bring to the table for any IT Security organization. See additional uses for IT Departments: ITPM – IT Processes Management