⚙️ Process & Workflows — Security Management

1. Information Security Risk Assessment

Click any step to expand · 6 steps

🗂️Asset Identification

Inventory all information assets: systems, data repositories, APIs, third-party integrations. Assign an asset owner.

Asset inventory registerAsset classification (Public / Internal / Confidential / Restricted)

🔍Threat & Vulnerability Analysis

📊Risk ScoringDECISION

🛡️Risk Treatment Selection

🔧Control Implementation

📡Monitoring & Review

Phase	Activities	Frequency
Discovery	Authenticated vulnerability scans (Nessus, Qualys, Tenable)	Weekly / On-change
Assessment	CVSS scoring, asset criticality weighting, exploitability check	Per scan
Prioritisation	Patch queue by severity × asset criticality	Per scan
Remediation	Patching via Change Management, config hardening, compensating controls	SLA-driven (see below)
Verification	Rescan to confirm fix; close ticket	Post-patch
Reporting	Mean Time to Remediate (MTTR) by severity, exception tracking	Monthly

Click any step to expand · 6 steps

🚨Detection & Alerting

SIEM, EDR, or user report generates a security alert. SOC Analyst L1 reviews and performs initial triage within 15 minutes.

Security event ticketInitial severity classification

🔒Containment

🔬Investigation & Forensics

🧹Eradication

♻️Recovery

📋Post-Incident Review

Schedule: Quarterly for privileged accounts; semi-annual for standard users
Extract: Pull current access assignments from IAM/directory
Distribute: Send recertification tasks to access owners via the ITSM tool
Review: Owner confirms "keep", "modify", or "revoke" for each entitlement
Enforce: Deprovisioning tickets auto-created for revoked access; completed within SLA
Report: Completion rate, exceptions, and overdue reviews reported to CISO

Metric	Target	Frequency
Mean Time to Detect (MTTD)	< 1 hour	Monthly
Mean Time to Contain (MTTC)	< 4 hours	Monthly
Mean Time to Remediate Critical Vulns	< 24 hours	Weekly
Patch compliance rate	> 95% within SLA	Monthly
Phishing click rate (simulations)	< 5%	Quarterly
Access recertification completion	> 98%	Quarterly
Security training completion	> 95%	Annual

Resource	Format	Download
Risk Register	Excel	⬇ Download
Cybersecurity Checklist	Word	⬇ Download

⚡ Digital Kimya — MENA & Europe

Our ITSM practitioners deliver ITIL 4 & 5 projects across ServiceNow, Jira SM, SMAX and BMC Helix — from initial assessment to full ESM deployment.

🚀 ITIL Implementation🔧 ITSM Platform Setup📊 Assessment & Roadmap🏭 Industry-Specific Projects

🌍 MENA & Europe🎯 ITIL 4 & 5 Certified🏢 6 Industries covered⚡ Assessment in 2 weeks