Streamlining a complex cybersecurity intake process
Snapshot
A large credit union reached out to Kalles Group needing a way to organize their complex cybersecurity intake process. As a large company serving more than 1 million members, this client had multiple cybersecurity teams but no consistent method for employees to engage with cybersecurity teams on new projects and releases. Because of this, many projects did not receive the necessary reviews and approvals on time, delaying release dates and negatively impacting the overall business. Kalles Group helped this client develop a streamlined Cybersecurity Intake Process to consolidate and manage cybersecurity service requests, ensure on-time approvals, and meet critical launch deadlines.
Challenge
Without a standard process for engaging cybersecurity teams, many cybersecurity requests came in ad hoc via the IT Help Desk, emails, and walk-up requests. Additionally, many tools were in flux but there was no single, agreed-upon intake system. Some cybersecurity services were listed in the company’s ServiceNow Service Catalog, while other services didn’t appear there at all, and many didn’t contain information recommended by the National Institute of Standards and Technology (NIST). This created a process that felt very disjointed and often contributed to missed deadlines across the organization.
Approach
Kalles Group first launched a comprehensive review of all existing tools and procedures to assess whether they could easily modify the current procedures to support the new intake process, or if creating new systems would be a better approach. Kalles Group took a complete inventory of the client’s cybersecurity services and documentation, the various methods employees used to request cybersecurity services, all ServiceNow service catalog items, and any other cybersecurity requests not listed in the catalog.
Results
After reviewing the existing tools, procedures, and documentation, Kalles Group created new SharePoint libraries to migrate all data relating to cybersecurity services from disparate sources into a single Cybersecurity Services Inventory List, reviewing and revising more than 130 service offerings and adding NIST best practices.
Second, Kalles Group developed an intake questionnaire for project stakeholders so everyone could align around services and timelines. Kalles Group implemented a weekly Delivery Management meeting, ensuring project sponsors and cybersecurity teams could proactively address any unexpected security concerns.
Third, Kalles Group helped build a Cybersecurity Portal to allow users a single, consistent way to engage with cybersecurity teams. Kalles Group also helped establish a roll-out plan to inform employees about the new portal and intake process.
Lastly, Kalles Group developed a scorecard measuring trends and improvement across metrics such as first contact resolution, cost per intake delivery meeting, meantime to complete intake services, average cost per intake request, percent of intake requests completed within SLA, and customer satisfaction.
The new Cybersecurity Intake Process is now widely accepted across the organization as the primary, authoritative source for requesting cybersecurity services from multiple cybersecurity teams. Historical data is trending downward for cost and upward for efficiency and SLA adherence. Additionally, since Kalles Group launched the intake process and Delivery Management meetings, there has not been one instance when a project did not have the required reviews and approvals by launch date. Successfully managing the security concerns early in the project life cycle allows this client to have a highly-functioning intake process, more effective cybersecurity teams, and less security risk for the entire company.