Access Management

Hartono Subirto 2016

Contents
1. PURPOSE
2. STRUCTURE OF THE DOCUMENT
3. SCOPE
4. GENERAL ASSUMPTIONS
5. ACCESS MANAGEMENT FRAMEWORK
   5.1 Access Management Interactions
   5.2 Request Access
   5.3 Establish Identity
   5.4 Open Ticket and Identify Category
   5.5 Validate Request based on Access Rules
   5.6 Grant Access and Log Events
   5.7 Update Ticket
   5.8 Request Notification
   5.9 Close Ticket
6. ACCESS MANAGEMENT PROCESS
   6.1 Process Model
   6.2 Process Specification
   6.3 Roles & Responsibilities
   6.4 Sub Process- Establish Identity
   6.5 Sub Process- Establish Identity Specification
   6.6 Sub Process- Establish Identity Roles and Responsibilities
   6.7 Sub Process-Open Ticket
   6.8 Sub Process-Open Ticket Specification
   6.9 Sub Process-Open Ticket Roles and Responsibilities
   6.10 Sub Process-Delegate to Other Processes
   6.11 Sub Process-Delegate to Other Processes Specification
   6.12 Sub Process-Delegate to Other Processes Roles and Responsibilities
   6.13 Sub Process- Notify Requester
   6.14 Sub Process- Notify Requester Specification
   6.15 Sub Process- Notify Requester Roles and Responsibilities
   6.16 Sub Process- Close Ticket
   6.17 Sub Process- Close Ticket Specification
   6.18 Sub Process- Close Ticket Roles and Responsibilities
7. REFERENCE
   7.1 Business Rules
   7.2 Risk
   7.3 Quality Attribute
   7.4 Data Quality Dimension
   7.5 Operation Policy
   7.6 KPI
   7.7 CTQ
   7.8 Abstract Time-Scale
   7.9 SLA Terms
GLOSSARY/ ACRONYMS
APPENDIX A: BUSINESS PROCESS MODELING NOTATION REFERENCE
APPENDIX B: ACCESS CONTROL MATRIX TEMPLATE

1. PURPOSE

The purpose of this document is to describe the Access Management process for the NOC
network operations that will grant authorized users access to NOC services, while
preventing access to non-authorized users.

Access Management is effectively the implementation of authentication, authorization, privacy, non-repudiation and non-malleability, in that it enables NOC to manage and regulate access to its constituents properly by maintaining a high level of confidentiality, availability and integrity.

2. STRUCTURE OF THE DOCUMENT

The Access Management process document comprises the following chapters:

Chapter–3: Scope: This chapter describes the scope of the document and of the Access Management process.

Chapter–4: General Assumptions: This chapter describes the underlying assumptions made for both the document and the Access Management process.

Chapter–5: Access Management Framework: This chapter exhibits the interaction of the Access Management process with other related ITIL processes and also describes the high-level process sequence for Access Management based on the ITIL framework.

Chapter–6: Access Management Process: In this chapter the Access Management process and its sub processes (if any) are depicted and specified using rigorous BPMN and process specification templates.

Chapter–7: References: This chapter serves as the prime reference for the Access Management process and presents the supporting details in tabular format. It describes the relevant Business Rules, Risks, Quality Attributes, Data Quality Dimensions, Operation Policies, KPIs, CTQs, Abstract Time-scales and SLA terms specific to the Access Management process.

The Access Management document is intended to be a living document; it contains various variable values that will evolve or change frequently as the NOC Access Management process matures or changes.

3. SCOPE

The scope of the NOC Access Management process covers:

• People. This comprises:
  • NOC Staff
  • NOC Operations Teams (Network and IT Functions)
  • Maintenance Centre
  • Suppliers

• Network Devices. This comprises:
  • Network Elements (Routers, Switches, Firewall, IDS, IPS)
  • Data Centre Servers (within Network Operations)

The exhaustive description of NOC resources and infrastructure is given in the following dedicated documents:

• NOC Staffing Plan for human resources
• NOC Technical documents for tools, systems, software

4. GENERAL ASSUMPTIONS

The following general assumptions are made for the Access Management process:

• Only access-related requests are processed.
• Only authorized requesters raise access requests.
• Access rules are already established and readily available to the process.
• The roles defined in all processes within this document can be attached to existing positions; e.g. the Access Manager role can be played by a Shift Manager. The distribution of roles to positions is handled dynamically, based on the dynamics of shifts, availability of resources, knowledge, load, soft threshold breaches etc. For instance, the Capacity Manager role can be assigned to the Problem Manager in the 1st shift, and in the 2nd shift it might be assigned to the Access Manager.
• Any activity-related assumptions are explicitly identified in the related Process Specification table in Chapter 6.

5. ACCESS MANAGEMENT FRAMEWORK

5.1 Access Management Interactions

The following depiction shows the points of interaction of the NOC Access Management process with other related ITIL processes. The arrows moving into the Access Management process signify the inputs from the other processes to the Access Management process, and the arrows moving out of the Access Management process signify the inputs from the Access Management process to other related ITIL processes. All the processes depicted below are defined in their own dedicated documents.

[Figure: interaction diagram linking Access Management with Service Level Management, Information Security Management, Change Management, Configuration Management, Incident Management, Problem Management and Request Fulfillment Management. Arrow labels: SLA/OLA, Access Rules & Policy changes, CMS information, Potential problems, Service requests.]

The Access Management process comprises the following high-level sequence of activities:

• Request Access
• Establish Identity
• Open Ticket and Identify Category
• Validate Request based on Access Rules
• Grant Access and Log Events
• Update Ticket
• Request Notification
• Close Ticket

The NOC Access Management process follows the sequential steps described below (Sections 5.2-5.9). Section 6.1, Process Model, sheds more light on the flow of the Access Management process.

5.2 Request Access

An access request can be raised by the following:

• Access Requester. This refers to NOC staff, who can send an access request to the Service Desk by phone call or e-mail.
• Request Fulfillment Process. This refers to access requests raised via the Request Fulfillment process.
• Change Management Process. This refers to access requests required by the Change Management process.

Note that all sorts of access requests (access addition, access amendment and access restriction) can be raised via this Access Management process.

5.3 Establish Identity

Once the access request has been sent, and before the Service Desk initiates the process, the identity of the requester has to be verified and established. The identity of a requester is the information that uniquely distinguishes the requester as a valid individual and verifies their status within the organization. The Service Desk searches the customer database to accomplish this.

The customer database maintains an up-to-date record of users with their details and current status. Since two or more users may share a common piece of information (e.g. they have the same name), identity is established via two pieces of information. The prime piece of information is the Staff ID (when the request is made by phone call) or the corporate email used (when the request is made by email), and the second piece of information can be one of the following:

• Name
• Address
• Phone Number
• Email ID
• Other unique personal information

For requests emerging from other processes, it is advisable to re-establish the identity even though identity establishment already happens in the parent process.

5.4 Open Ticket and Identify Category

Once the user identity is authenticated, the next step is to open a ticket as per NOC ticketing rules. The Service Desk opens a ticket for the request in the system, assigns a Ticket ID, fills in the required fields and identifies the category of the request. If the request falls in a non-access-related category, the Service Desk identifies the relevant process it belongs to and notifies the requester.

5.5 Validate Request based on Access Rules


Once the customer has been validated, it is important to validate the type of request being made. NOC access rules group users with the same roles together and assign access privileges to each group based on its job requirements. For example, Analysts who work on a specific class of incident can be grouped as one Service Group, so that the access policy applied to the group is inherited by all users in that group.

Access rules are maintained by the Information Security Officer. On a periodic basis, the Information Security Officer compiles a function-wise list of all currently active User IDs and communicates the list to the respective stakeholders. It contains the following information for each user:

• User ID;
• Current access and privilege levels;
• Number of days since last access; and
• Time period for temporary duration access

The stakeholders review the current active user list and inform the Information Security Officer of any changes. The more roles and groups that exist, the more likely it is that role conflicts will occur. It is the responsibility of the Information Security Officer to create roles and groups carefully, so as to avoid role conflicts. Access rules are managed by establishing an Access Control Matrix. Appendix A provides a template for access management. The Access Manager decides whether the access request is valid or not based on the access rules. If the request is not valid, the ticket is updated and the requester is notified, along with the justification for the rejection of the access request.
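
The group-based access rules and the periodic active-user list described in this section can be sketched as follows. This is an added example, not part of the original document: the group names, resources, conflicting-group pair, sample users and the 90-day stale threshold are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed access control matrix: service group -> resource -> privilege levels.
ACCESS_MATRIX = {
    "incident-analysts": {"ticketing": {"read", "write"}, "core-router": {"read"}},
    "network-engineers": {"core-router": {"read", "configure"}, "firewall": {"read"}},
    "firewall-admins": {"firewall": {"read", "configure"}},
    "firewall-auditors": {"firewall": {"read"}, "audit-log": {"read"}},
}
# Constructed pairs of groups that one user should not hold together (role conflict).
CONFLICTING_GROUPS = [frozenset({"firewall-admins", "firewall-auditors"})]
STALE_AFTER_DAYS = 90  # assumed review threshold; the document does not define one


@dataclass
class User:
    user_id: str
    groups: frozenset
    last_access: date
    temp_access_until: Optional[date] = None  # None means permanent access


def effective_privileges(user, matrix=ACCESS_MATRIX):
    """Union of the privileges a user inherits from every group they belong to."""
    merged = {}
    for group in user.groups:
        for resource, privileges in matrix.get(group, {}).items():
            merged.setdefault(resource, set()).update(privileges)
    return merged


def validate_request(user, resource, privilege, matrix=ACCESS_MATRIX):
    """Access Manager decision: return (valid, justification) for the request."""
    granting = sorted(g for g in user.groups
                      if privilege in matrix.get(g, {}).get(resource, set()))
    if not granting:
        return False, (f"no service group of {user.user_id} is entitled to "
                       f"'{privilege}' on {resource}")
    return True, "entitled via " + ", ".join(granting)


def role_conflicts(user, conflicts=CONFLICTING_GROUPS):
    """Conflicting group pairs that the user holds in full."""
    return [sorted(pair) for pair in conflicts if pair <= user.groups]


def review_row(user, today, matrix=ACCESS_MATRIX):
    """One row of the periodic list: the four fields named above, plus flags."""
    days_idle = (today - user.last_access).days
    flags = []
    if days_idle > STALE_AFTER_DAYS:
        flags.append("stale")
    if user.temp_access_until is not None and user.temp_access_until < today:
        flags.append("temporary access expired")
    if role_conflicts(user):
        flags.append("role conflict")
    access = effective_privileges(user, matrix)
    return {
        "user_id": user.user_id,
        "access": {res: sorted(privs) for res, privs in sorted(access.items())},
        "days_since_last_access": days_idle,
        "temporary_until": user.temp_access_until,
        "flags": flags,
    }


# Constructed sample users.
USERS = [
    User("u1001", frozenset({"incident-analysts"}), date(2016, 5, 30)),
    User("u1002", frozenset({"network-engineers"}), date(2016, 1, 4), date(2016, 3, 31)),
    User("u1003", frozenset({"firewall-admins", "firewall-auditors"}), date(2016, 5, 20)),
]

if __name__ == "__main__":
    today = date(2016, 6, 1)
    print(validate_request(USERS[0], "core-router", "configure"))
    for u in USERS:
        print(review_row(u, today))
```

The justification string returned for a rejected request is what would be recorded on the ticket and sent to the requester.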

5.6 Grant Access and Log Events

Once the access request has been validated, the request is processed. It is very important that all access to the systems is logged and tracked. All user activities are logged and routinely checked by the Information Security Officer to identify any abuse of access rights. All activities, including the following, are logged and reflected in the systems' audit trails:

• New User ID creation
• Privilege level changes
• Deletion of User ID
5.7 Update Ticket

Once the request has been performed, the ticket is updated with the progress.

5.8 Request Notification

For each access request, the ticket number and timeline are communicated to the requester. A periodic notification on the status of the request is sent to the requester. Upon completing the process, the Service Desk informs the Access Requester via email and telephone call, and upon confirmation the Service Desk closes the ticket.

5.9 Close Ticket

Before the formal closure the Service Desk confirms the category, makes sure that the
documentation is complete and conducts a brief customer satisfaction survey.


6. ACCESS MANAGEMENT PROCESS

6.1 Process Model


[Figure: BPMN process model with swimlanes for Request Fulfillment, Change Manager, Access Requestor, Service Desk, Access Manager and Security Officer. Activities: Get request, Establish Identity, Identify Category, Open Ticket, Validate Request, Grant Access and Log Events, Update Ticket, Notify Requester, Close Ticket, Delegate to other processes. Decision points: Access Related? (Yes/No) and Valid/Invalid request. Data: Customer Database and Access Rules (kept up to date through periodic checks). Request types: removal, addition, restriction.]

6.2 Process Specification

Specification: Description

Summary/Purpose: To grant authorized users the right to use a service, while preventing access to non-authorized users.

Scope: This is a Level 2 Process Specification.

Primary ITIL Reference: Access Management - Service Operation

Related ITIL Practices: Information Security Management Process, Service Level Management, Change Management, Availability Management, Incident Management.

Related Business Driver:
• Information Security Management
• Compliance to security policy and procedures

Related Operational Policies: (Ref. 7.5)

Assumptions:
• Only authorized requesters within NOC operations raise access requests

Trigger:
• Phone Call
• Email

Basic Course of Event:
Access Management
1. Service Desk gets the request from NOC users, the Change Management process or the Request Fulfillment process.
2. Service Desk establishes the identity of the access requestor by checking the customer database.
3. Service Desk identifies the category of the request.
4. Upon identifying the request, Service Desk opens an access-related ticket.
5. Access Manager validates the request.
6. Access Manager grants access and logs events.
7. Service Desk updates the ticket.
8. Service Desk notifies the requester.
9. Service Desk closes the ticket.
10. End.

Alternative Path:
Request not Applicable
1. Service Desk delegates the request to another process.
2. Service Desk notifies the requestor.
3. End.

Invalid Request
1. Service Desk updates the ticket.
2. Service Desk notifies the requester.
3. Service Desk closes the ticket.
4. End.

Access Rules (up to date)
1. Security Officer periodically checks that the access rules are up to date.
2. These rules are used by the Access Manager to validate the request.
3. Access Manager grants access and logs events.
4. Service Desk updates the ticket.
5. Service Desk notifies the requester.
6. Service Desk closes the ticket.
7. End.

Exception Path: NA

Extension points:
• Incident Management Process
• Change Management Process
• Request Fulfillment Process

Preconditions:
• Authorized user raising the request
• A genuine request
• NOC access rules and ticketing rules are available
• Availability of necessary information

Post-conditions:
• Customer satisfaction survey record gets updated
• Ticket gets updated
• Monitoring access status

Related Business Rules: (Ref. 7.1)

Related Risks: RR-001, RR-002, RR-003, RR-004, RR-005, RR-006, RR-007 (Ref. 7.2)

Related Quality Attributes: (Ref. 7.3)

Related Data Quality Dimensions: (Ref. 7.4)

Related Primary SLA Terms: NA

Related KPIs: (Ref. 7.6)

Related CTQs: (Ref. 7.7)

Actors/Agents: Access Requester, Request Fulfillment, Change Manager, Service Desk, Access Manager, Security Officer

Delegation:
Delegation Rule -1: Agent Not Available
1. Delegate the task to the agent with the same role
2. Update the task
3. Log the delegation

Delegation Rule -2: Agent Overloaded
1. Delegate the task to the agent with the same role
2. Update the task
3. Log the delegation

Delegation Rule -3: Access request in non-business hours
1. Security Officer role is delegated to the Access Manager
2. Update the task
3. Log the delegation

Delegation Rule -4: Access validation and processing approval
1. Security Officer role is delegated to the Access Manager
2. Update the task
3. Log the delegation

Escalation:
Escalation Rule 1: Time to assignment exceeds escalation time
1. Escalate the status to the Security Officer
2. Update the status
3. Log the escalation

Process Map: Section 5.1

Process Model: Section 6.1

Other References:
• Appendix A: Business Process Notation Reference
• Appendix B: Access Control Matrix Template

6.3 Roles & Responsibilities


Roles: Responsibilities

Access Requester:
• Initiates access request via email or phone call
• Confirms after access request fulfillment
• Provides feedback

Request Fulfillment:
• Initiates access request via email
• Confirms after access request fulfillment
• Provides feedback

Change Manager:
• Initiates access request via email
• Confirms after access request fulfillment
• Provides feedback

Service Desk:
• Receives the access request
• Establishes the identity
• Opens a ticket
• Selects the category of request
• Communicates the details to the customer
• Forwards to the concerned NOC team
• Co-ordinates with the internal team for processing
• Notifies the customer
• Closes the ticket

Access Manager:
• Validates the access request
• Processes the request and logs the events

Security Officer:
• Maintains access rules to validate the user request
• Assigns access grant tasks to the IT Function

6.4 Sub Process- Establish Identity

[Figure: BPMN model of the Establish Identity sub process with swimlanes for Request Fulfillment, Change Manager, Customer and Service Desk. Activities: Ask for credentials, Provide Credential (Primary ID/Secondary Identity), Obtain Customer credentials, Verify Credentials against the Customer Database, Check Primary ID, Confirm secondary identity credential, Re-Provide Credentials, Establish Identity, Inform Requestor. Decision: Match found? (Match found / Match not found / Match not found for three occurrences).]

6.5 Sub Process- Establish Identity Specification

Specification: Description

Summary/Purpose: To establish the identity of the user.

Scope: This is a Level 2 Process Specification.

Primary ITIL Reference: Access Management - Service Operation Processes

Related ITIL Practices: NA

Related Business Driver: Authenticity of user

Related Operational Policies: NA

Assumptions:
• Information provided by the customer database is correct and accurate.
• Email requests originate from authentic users.
• The communication between Service Desk and Requester is secure.

Trigger:
• Phone call
• Email (optional)

Basic Course of Event:
Establish Identity (Phone)
1. Service Desk asks the phone caller for primary and secondary credentials.
2. Customer provides credentials to Service Desk.
3. Service Desk obtains identification credentials.
4. Service Desk verifies credentials against the customer database.
5. Service Desk checks the Primary ID and Secondary ID provided.
6. Service Desk establishes identity when a match is found.
7. Service Desk informs the Requestor.
8. End.

Establish Identity (Email)
1. Obtain identification credentials (email, name, position) from the customer, the Request Fulfillment process and the Change Management process.
2. Service Desk verifies credentials against the customer database.
3. Service Desk checks the Primary ID and Secondary ID provided.
4. Service Desk establishes identity when a match is found.
5. Service Desk informs the Requestor.
6. End.

Alternative Path:
Credential Not verified (match not found)
1. Customer re-provides credentials.
2. Service Desk verifies credentials against the customer database.
3. Service Desk checks the Primary ID and Secondary ID provided.
4. Service Desk establishes identity when a match is found.
5. Service Desk informs the Requestor.
6. End.

Exception Path:
Credential Not verified (three occurrences)
1. Service Desk informs the Requestor.
2. End.

Extension points: Identify category

Preconditions: Information provided by the customer database is correct and accurate.

Post-conditions:
• Requests emerging from users who are not authenticated are terminated.
• Valid users are authenticated.

Related Business Rules: NA

Related Risks: RR-004, RR-005 (Ref. 7.2)

Related Quality Attributes: NA

Related Data Quality Dimensions: NA

Related Primary SLA Terms: NA

Related KPIs: NA

Related CTQs: NA

Actors/Agents: Customer, Service Desk, Request Fulfillment, Change Manager.

Delegation:
Delegation Rule -1: Service Desk Not Available
1. Delegate the Issue to an additional agent with the same Role
2. Update the Issue
3. Log the Delegation

Delegation Rule -2: Service Desk Overloaded
1. Delegate the Issue to an additional agent with the same Role
2. Update the Issue
3. Log the Delegation

Escalation: NA

Process Map: 5.1

Process Model: 6.4

Other References: Appendix A: Business Process Notation Reference
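
The identity check from Section 5.3 and the three-occurrence exception path specified above can be expressed as the following added example, which is not part of the original document. The customer records and field names are constructed; treating a record whose status is not "active" as a non-match, and rejecting a secondary item that repeats the primary field, are assumptions.

```python
# Constructed customer database; two users share the same name on purpose.
CUSTOMER_DB = [
    {"staff_id": "S-0412", "email": "a.rahman@noc.example", "name": "A. Rahman",
     "phone": "555-0101", "status": "active"},
    {"staff_id": "S-0977", "email": "a.rahman2@noc.example", "name": "A. Rahman",
     "phone": "555-0199", "status": "active"},
    {"staff_id": "S-0300", "email": "l.chen@noc.example", "name": "L. Chen",
     "phone": "555-0142", "status": "left"},
]
PRIMARY_FIELD = {"phone": "staff_id", "email": "email"}  # request channel -> primary ID
SECONDARY_FIELDS = ("name", "address", "phone", "email")
MAX_ATTEMPTS = 3  # "match not found for three occurrences" ends the sub process


def _same(a, b):
    """Case- and whitespace-insensitive comparison of two credential strings."""
    return a.strip().lower() == b.strip().lower()


def match(channel, primary, secondary_field, secondary, db=CUSTOMER_DB):
    """Return the record matched by both pieces of information, else None."""
    primary_field = PRIMARY_FIELD[channel]
    # Assumption: the secondary item must be a different field from the primary.
    if secondary_field not in SECONDARY_FIELDS or secondary_field == primary_field:
        return None
    for record in db:
        if _same(record[primary_field], primary):
            # The secondary item must belong to the record selected by the
            # primary ID, not to just any record in the database.
            value = record.get(secondary_field)
            if (value is not None and _same(value, secondary)
                    and record["status"] == "active"):
                return record
            return None
    return None


def establish_identity(channel, attempts, db=CUSTOMER_DB):
    """Run up to MAX_ATTEMPTS credential checks and keep a log of each one.

    `attempts` is a list of (primary, secondary_field, secondary) tuples in the
    order the requester provided and re-provided them.
    """
    log = []
    for number, (primary, field, secondary) in enumerate(attempts[:MAX_ATTEMPTS], 1):
        record = match(channel, primary, field, secondary, db)
        log.append((number, primary, "match" if record else "no match"))
        if record:
            return {"established": True, "staff_id": record["staff_id"], "log": log}
    # No match within the allowed attempts: inform the requestor and end.
    return {"established": False, "staff_id": None, "log": log}


if __name__ == "__main__":
    # Caller gives another user's phone number first, then the correct one.
    print(establish_identity("phone", [("S-0977", "phone", "555-0101"),
                                       ("S-0977", "phone", "555-0199")]))
```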

6.6 Sub Process- Establish Identity Roles and Responsibilities


Roles: Responsibilities

Customer:
• Provides necessary information credentials

Request Fulfillment Manager:
• Provides necessary information credentials

Change Manager:
• Provides necessary information credentials

Service Desk:
• Obtains credentials
• Checks Primary and Secondary ID and verifies identity
• Keeps the customer informed of the status
• Terminates the process after three occurrences of failure

6.7 Sub Process-Open Ticket

[Figure: BPMN model of the Open Ticket sub process with swimlanes for Request Fulfillment, Change Manager, Customer and Service Desk. Trigger: Valid Access Request. Service Desk activities: Auto generate Ticket ID, Access Category, Access Priority, Access request date and time, Access Requester details, Establish timeline, Access Description, Resolution, Current Status, Closure Time and date, Notify the Requester. Inputs: Access Categorization rules, Access Prioritization rules, SLA/OLA, Change Record/RFC, Request Record, email.]

6.8 Sub Process-Open Ticket Specification

Specification: Description

Summary/Purpose: Explanation of the sub process for opening an Access Ticket

Scope: This is a Level 2 Process Specification.

Primary ITIL Reference: Access Management - Service Operation Processes

Related ITIL Practices: NA

Related Business Driver: Accuracy of record

Related Operational Policies: NA

Assumptions:
• Access request has been correctly identified.
• Access request information provided by the customer is correct and accurate.
• Access requests emerging from Request Management, Change Management, and Customer are accurate.
• Access categorization and prioritization rules already exist.

Trigger: Valid Access Request

Basic Course of Event:
Open Access Ticket
1. Service Desk auto generates the Ticket ID.
2. Service Desk assigns the access category based on access categorization rules.
3. Service Desk establishes the access priority based on access prioritization rules.
4. Service Desk identifies the access request date and time.
5. Service Desk fills in the access requester details.
6. Service Desk establishes the timeline based on SLA/OLA.
7. Service Desk keys in the access description from the change record, request record, or customer phone call or email.
8. Service Desk assigns an analyst.
9. Service Desk opens a record for the resolution.
10. Service Desk opens a record for the current status.
11. Service Desk opens a record for the closure time and date.
12. End.

Notify Customer
1. Service Desk identifies the Ticket ID, identity of the request owner, and timeline.
2. Service Desk notifies the requester.
3. End.

Alternative Path: NA

Exception Path: NA

Extension points: Validate request

Preconditions: NA

Post-conditions:
• Access record gets established.
• Customer / Requester gets notified of the expected timeline.

Related Business Rules: NA

Related Risks: RR-006 (Ref. 7.2)

Related Quality Attributes: NA

Related Data Quality Dimensions: NA

Related Primary SLA Terms: NA

Related KPIs: NA

Related CTQs: NA

Actors/Agents: Customer, Service Desk, Change Manager, Request Fulfillment.

Delegation:
Delegation Rule -1: Service Desk Not Available
1. Delegate the Issue to an additional agent with the same Role
2. Update the Issue
3. Log the Delegation

Delegation Rule -2: Service Desk Overloaded
1. Delegate the Issue to an additional agent with the same Role
2. Update the Issue
3. Log the Delegation

Escalation: NA

Process Map: 5.1

Process Model: 6.7

Other References: Appendix A: Business Process Notation Reference

6.9 Sub Process-Open Ticket Roles and Responsibilities


Roles: Responsibilities

Customer: Provides details on access description, access requester

Request Fulfillment Manager: Provides details on access description, access requester

Event Manager: Provides details on access description, access requester

Service Desk: Collects access information from customer, Request Fulfillment and Change Manager.

Opens Ticket and populates the following fields from various sources:
• Access Date and Time
• Access Owner
• Establish Timeline
• Access Description
• Resolution
• Current Status
• Related Problem
• Closure Time and date

6.10 Sub Process-Delegate to Other Processes

[Figure: Service Desk delegates non-access-related requests to Event Management, Problem Management, Change Management or Incident Management.]

6.11 Sub Process-Delegate to Other Processes Specification

Specification: Description

Summary/Purpose: Explanation of the sub process for delegating a non-access request to the applicable process

Scope: This is a Level 2 Process Specification.

Primary ITIL Reference: Access Management - Service Operation Processes

Related ITIL Practices: NA

Related Business Driver: NA

Related Operational Policies: NA

Assumptions: Correct identification that the request is not applicable to access management.

Trigger: Non-access-related request

Basic Course of Event: Service Desk delegates to Problem Management or Event Management or Change Management or Incident Management based on the event.

Alternative Path: NA

Exception Path: NA

Extension points: Relevant process

Preconditions: NA

Post-conditions: Relevant process is selected.

Related Business Rules: NA

Related Risks: NA

Related Quality Attributes: NA

Related Data Quality Dimensions: NA

Related Primary SLA Terms: NA

Related KPIs: NA

Related CTQs: NA

Actors/Agents: Service Desk

Delegation: NA

Escalation: NA

Process Map: 5.1

Process Model: 6.10

Other References: Appendix A: Business Process Notation Reference

6.12 Sub Process-Delegate to Other Processes Roles and Responsibilities


Roles: Responsibilities

Service Desk: Identifies the happening as a non-access request and delegates it to the relevant process.

6.13 Sub Process- Notify Requester

[Process model diagram. Lanes: Service Desk, Customer, Change Manager, Request Fulfillment. Inputs: Non Access Request, Approved Access Request, Access Request update. Data: Customer Record, Request Record, Change record, Requestor contact details. Steps: Obtain contact details; Email; Call the requester; Confirm Acceptance (Customer, Change Manager, Request Fulfillment); Receive Confirmation. Decision: Confirmation received? (Yes / No).]


6.14 Sub Process- Notify Requester Specification

| Specification | Description |
| --- | --- |
| Summary/Purpose | Explanation of the sub process for notifying requester |
| Scope | This is a level 2 Process Specification. |
| Primary ITIL Reference | Access Management - Service Operation Processes |
| Related ITIL Practices | NA |
| Related Business Driver | Customer satisfaction and validation of result. |
| Related Operational Policies | NA |
| Assumptions | Protected means of communication exists between Service Desk and Customer |
| Trigger | Non Access request, Approved Access request, Access Request update |
| Basic Course of Event | Notify Requester |
| | 1. For non access request, access update and approved access request Service Desk obtains contact details from customer or Change Management process or Request management process. |
| | 2. Service Desk calls and/or emails customer. |
| | 3. The Customer, Change Manager, Request Fulfillment Manager confirms acceptance. |
| | 4. Service Desk receives confirmation via email. |
| | 5. End |
| Alternative Path | NA |
| Exception Path | Confirmation Not received |
| | 1. Service Desk obtains new contact details |
| | 2. Service Desk calls and/or emails customer |
| | 3. The Customer, Change Manager, Request Fulfillment confirms the acceptance |
| | 4. Service Desk receives confirmation via email. |
| | 5. End |
| Extension points | Close Ticket |
| Preconditions | NA |
| Post-conditions | Customer confirms the receipt of notification |
| Related Business Rules | NA |
| Related Risks | NA |
| Related Quality Attributes | NA |
| Related Data Quality Dimensions | NA |
| Related Primary SLA Terms | NA |
| Related KPIs | NA |
| Related CTQs | NA |
| Actors/Agents | Service Desk, Customer, Change Manager, Request Fulfillment. |
| Delegation | Delegation Rule 1: Service Desk Not Available |
| | 1. Delegate the Issue to additional agent with same Role |
| | 2. Update the Issue |
| | 3. Log the Delegation |
| | Delegation Rule 2: Service Desk Overloaded |
| | 1. Delegate the Issue to additional agent with same Role |
| | 2. Update the Issue |
| | 3. Log the Delegation |
| | Delegation Rule 3: Customer Not Available |
| | 1. Identify alternate contact |
| | 2. Update the Issue |
| | 3. Log the Delegation |
| Escalation | NA |
| Process Map | 5.1 |
| Process Model | 6.13 |
| Other References | Appendix A: Business Process Notation Reference |

6.15 Sub Process- Notify Requester Roles and Responsibilities


| Roles | Responsibilities |
| --- | --- |
| Customer | Receives the notification and confirms the acceptance |
| Change Manager | Receives the notification and confirms the acceptance |
| Request Fulfillment Manager | Receives the notification and confirms the acceptance |
| Service Desk | - Obtains contact details of the requester. |
| | - Calls and/or emails the requester with an update on the Access request; if the receipt is not confirmed, rechecks the contact details and resends the notification. |
| | - Receives confirmation. |


6.16 Sub Process- Close Ticket

[Process model diagram. Lanes: Service Desk, Customer, Change Manager, Request Fulfillment. Start: Requester Notified. Data: Access record, Survey record. Steps: Verify Category; Update; Check Documentation; Update; Conduct Satisfaction Survey; Send Feedback (Customer, Change Manager, Request Fulfillment); Update Survey Information; Formal closure; Update Ticket status. Decisions: Category ok? (YES); Documentation ok? (YES).]


6.17 Sub Process- Close Ticket Specification

| Specification | Description |
| --- | --- |
| Summary/Purpose | Explanation of the sub process for closing access ticket |
| Scope | This is a level 2 Process Specification. |
| Primary ITIL Reference | Access Management - Service Operation Processes |
| Related ITIL Practices | NA |
| Related Business Driver | Integrity and accuracy of records |
| Related Operational Policies | NA |
| Assumptions | Secure communication exists between Service Desk and Customer |
| Trigger | Requestor notified |
| Basic Course of Event | Close Ticket |
| | 1. Service Desk verifies category. |
| | 2. Service Desk checks documentation. |
| | 3. Service Desk conducts satisfaction survey via email. |
| | 4. Customer or Change Manager or Request Fulfillment sends feedback via email. |
| | 5. Service Desk updates access information. |
| | 6. Service Desk closes the request formally. |
| | 7. End. |
| Alternative Path | NA |
| Exception Path | NA |
| Extension points | NA |
| Preconditions | Access request has been entertained. |
| Post-conditions | Formal Closure of the access request. |
| Related Business Rules | NA |
| Related Risks | RR-007 (Ref. 7.2) |
| Related Quality Attributes | NA |
| Related Data Quality Dimensions | NA |
| Related Primary SLA Terms | NA |
| Related KPIs | NA |
| Related CTQs | NA |
| Actors/Agents | Service Desk, Customer, Change Manager, Request Fulfillment |
| Delegation | Delegation Rule 1: Service Desk Not Available |
| | 1. Delegate the Issue to additional agent with same Role |
| | 2. Update the Issue |
| | 3. Log the Delegation |
| | Delegation Rule 2: Service Desk Overloaded |
| | 1. Delegate the Issue to additional agent with same Role |
| | 2. Update the Issue |
| | 3. Log the Delegation |
| | Delegation Rule 3: Customer Not Available |
| | 1. Identify alternate contact |
| | 2. Update the Issue |
| | 3. Log the Delegation |
| Escalation | NA |
| Process Map | 5.1 |
| Process Model | 6.16 |
| Other References | Appendix A: Business Process Notation Reference |


6.18 Sub Process- Close Ticket Roles and Responsibilities


| Roles | Responsibilities |
| --- | --- |
| Customer | Receives customer satisfaction survey and after evaluation of the service sends it to Service Desk. |
| Change Manager | Receives customer satisfaction survey and after evaluation of the service sends it to Service Desk. |
| Request Fulfillment Manager | Receives customer satisfaction survey and after evaluation of the service sends it to Service Desk. |
| Service Desk | - Checks whether the category has been correctly identified. |
| | - Verifies the documentation; if the documentation is not updated, updates it. |
| | - Conducts satisfaction survey (email) and updates the survey record. |
| | - Formally closes the ticket and access request. |


7. REFERENCE

This chapter serves as the prime reference for Chapter 6 and presents the details supporting
Chapter 6 in tabular format. It consists of various variable values which would
frequently evolve or change as the NOC Access Management process matures or changes.

At a minimum, this document would be updated by the NOC operation team biannually. However,
if the need arises, this document may be updated earlier than its prescribed revision period.

7.1 Business Rules

| BR ID | Description | Context | Rule | Source |
| --- | --- | --- | --- | --- |
| BR-001 | A new ticket will be opened if the requester disputes the outcome of the previous access of the request. The old tickets would be null and void. | Business | NA | NA |

7.2 Risk

| Risk ID | Description | Source | Severity Level | Status | Resolution |
| --- | --- | --- | --- | --- | --- |
| RR-001 | Service Desk email can undergo a SPAM attack, resulting in its unavailability or at least bad performance. | TBD | High | NA | To put a spam control system in place, and furthermore provide redundant infrastructure for emails. |
| RR-002 | For a group of suppliers a single ID is created. This same ID is shared between different suppliers and external users. | TBD | Medium | NA | To have a policy to allocate each user a temporary username and password, and monitor its activity. |
| RR-003 | System down. | TBD | High | NA | To have a paper record of the access matrix to enable verification. |
| RR-004 | The mechanism to identify the fraudulent calls made by insider users is not in place. | Establish identity | Low | NA | The Service Desk line should be a direct number and all the call logs to Service Desk should be logged and periodically run through. |
| RR-005 | Service Desk email can undergo a SPAM attack, resulting in its unavailability or least performance. | Establish identity | Medium | NA | Service Desk should have a state of the art anti spam solution. |
| RR-006 | The ticketing system for the organization is down. | Open Ticket | High | NA | There should be a ticketing procedure to handle access in case the ticketing system is offline. |
| RR-007 | The analyst closes the ticket before the problem was settled. | Ticket Close | High | NA | Analyst should not be provided with any capability to close the ticket. |

7.3 Quality Attribute

| QA ID | Description | Threshold |
| --- | --- | --- |
| QA-001 | Authenticity | TBD |
| QA-002 | Non-Repudiation | TBD |

7.4 Data Quality Dimension

| DQ ID | Description | Threshold |
| --- | --- | --- |
| DQ-001 | Timeliness | TBD |


7.5 Operation Policy

| Policy ID | Description | Context | Importance (1-5) |
| --- | --- | --- | --- |
| OP-001 | One Service Desk agent per shift | Shift | TBD |
| OP-002 | Security officer is available only in business hours | Shift, Non working days | TBD |
| OP-003 | Temporary User IDs are provided to occasional staff or contractors/suppliers. The Temporary User ID is configured to expire automatically after the stipulated period as defined during User ID creation. | Operations | TBD |

7.6 KPI

| Name | Acronym | Description | Context | Importance | Soft Threshold | Hard Threshold |
| --- | --- | --- | --- | --- | --- | --- |
| Access Rate Request | ARR | The number of access requests per day (24 hours) | NA | TBD | TBD | TBD |
| Access Violation Rate | AVR | Access request being violated per month | NA | TBD | TBD | TBD |
| Access Change rate | ACR | Access changed per month | NA | TBD | TBD | TBD |

Note: the above section refers to internal KPIs, which would be managed and monitored by
Access Manager as per the timescale mentioned in the respective KPI.

7.7 CTQ

| Name | Acronym | Description | Context | Importance | Soft Threshold | Hard Threshold |
| --- | --- | --- | --- | --- | --- | --- |
| Access rate Request variation | ARRV | Standard deviation of ARR | NA | TBD | TBD | TBD |
| Access Violation Rate variation | AAVRV | Standard deviation of AVR | NA | TBD | TBD | TBD |
| Access Change rate variation | ACRV | Standard deviation of ACR | NA | TBD | TBD | TBD |

7.8 Abstract Time-Scale

| Name | Acronym | Description | Quantification |
| --- | --- | --- | --- |
| Maximum time to close ticket | MTCT | The maximum time allowed to close the ticket, if no feedback received from requester | TBD |

7.9 SLA Terms

| SLA ID | Description | Context | KPI | CTQ |
| --- | --- | --- | --- | --- |
| TBD | TBD | TBD | TBD | TBD |


GLOSSARY/ ACRONYMS

| Terminology | Description |
| --- | --- |
| Abstract Time Scale | Time Scale that will be quantified both during operations and continuous process improvement. These time identifiers are correlated with the soft thresholds that are dynamically specified during life span of the process. |
| Access | Refers to the level and extent of a service functionality or data that a user is entitled to use. |
| Access Request Closure | A formal closure of the ticket by the Service Desk after fulfilling request and confirmation from the requester |
| Access requester | They are the authorized users within the network operations who require access to network information and systems. Requesters include THE OPERATOR, NOC, MC and Suppliers. |
| ACR | Access Change Request |
| ACRV | Access change request variation |
| ARR | Access rate request |
| ARRV | Access rate request variation |
| AVR | Access Violation Rate |
| AVRV | Access violation rate variation |
| BPMN | Business Process Modelling Notation. Business Process Modelling Notation is the practice of documenting an organisation's key business processes in a graphical format. |
| Business Rules | Business Rules are intended to assert business structure or to control or influence the behaviour of the Business. Business rules describe the operations, definitions and constraints that apply to an organization. |
| CTQ | Critical to Quality. Critical To Quality (CTQ) is a continuous measuring and monitoring tool agreed between the internal processes to achieve greater customer satisfaction. |
| Data Quality Dimensions | The totality of features and characteristics of data that bears on their ability to satisfy a given purpose |
| Identity | Refers to the information about users that distinguishes them as an individual and which verifies their status within the organization. By definition, the Identity of a user is unique to that user. |
| Iqama | Identification card for foreign workers in the Kingdom of Saudi Arabia. |
| ITIL | Information Technology Infrastructure Library. The Information Technology Infrastructure Library (ITIL) is a set of concepts and practices for Information Technology Services Management (ITSM), Information Technology (IT) development and IT operations. |
| KPI | Key Performance Indicator. A metric that is used to help manage a process, IT service or activity. Many metrics may be measured, but only the most important of these are defined as KPIs and used to actively manage and report on the process, IT service or activity. KPIs should be selected to ensure that efficiency, effectiveness, and cost effectiveness are all managed. |
| MC | Maintenance Centre |
| THE OPERATOR | Ministry of Interior |
| | Network Modernization |
| NOC | Network Operations Centre |
| NMS | Network Management System |
| Operational Policy | Rules defined to operate the process. |
| Quality Attributes | Quality attributes are non-functional requirements used to evaluate the performance of a process. |
| Risk | A possible event that could cause harm or loss, or affect the ability to achieve Objectives. A risk is measured by the probability of a threat, the vulnerability of the asset to that threat, and the impact it would have if it occurred. |
| Rights | Rights or privileges refer to the actual settings whereby a user is provided access to a service or group of services. Typical rights, or levels of access, include read, write, execute, change, delete. |
| SLA | Service Level Agreement. An Agreement between an IT Service Provider and a Customer. The SLA describes the IT Service, documents Service Level Targets, and specifies the responsibilities of the IT Service Provider and the Customer. |


APPENDIX A: BUSINESS PROCESS MODELING NOTATION REFERENCE

INTRODUCTION

Business Process Modelling (“BPM”) is the practice of documenting an organisation's key
business processes in a manner which:
- is highly graphical
- focuses on business terminology rather than technical
- allows all business steps/tasks to be included, not just those which involve a computer
system.

Below are the various concepts of BPMN with the relevant definition and graphic
notation.

PROCESS START

All processes have to start somehow. In general notation, process models
commence with the START event, which is a circle.
One can simply use the basic unmarked start event as above, or one of the different types of start
event, to provide more detail as described below.

- MESSAGE Start: if a process starts when some sort of message arrives (mail, email, text).
- TIMER Start: if a process starts by virtue of the passage of time, e.g. 1st Jan review or 4 days after the purchase order is sent.
- RULE Start: if the process starts when a rule/condition is met, e.g. when Incident Impact is more than 100,000.
- LINK Start: if a process starts when another process finishes.
- MULTIPLE Start: if there is more than one ‘trigger’ for a process to start.


TASK AND SUB PROCESS


| Element | Description |
| --- | --- |
| Task | Task is a lowest level activity in a process map. A task is used when the work is not broken down to a finer level of detail. |
| Sub Process | A Sub-process is a compound activity which can be broken down into finer details. |
| Loops | Loops task or sub process continues to iterate until the loop condition is true. |

INTERMEDIATE EVENTS

Following notation can be used to display the intermediate event, similar to start and end
events: BASIC, MESSAGE, TIMER, RULE, LINK, MULTIPLE.

PROCESS END

All processes have to end somehow. The general notation for the end of a process model is
a circle with a solid line.
One can simply use the basic end event as above, or one of the different types of
end event, to provide more detail, as described below:

- MESSAGE End: if a process ends by something being sent via a message of some sort, e.g. mail, email, document.
- LINK End: if the end of this process causes the start of another.
- MULTIPLE End: if there is more than one consequence of the process ending.


SWIMLANES

| Element | Description |
| --- | --- |
| Pool | A Pool represents a participant in a Process. It also acts as a “swimlane” and a graphical container for partitioning a set of activities from other Pools. |
| Lane | A Lane is a sub-partition within a Pool and will extend the entire length of the Pool, either vertically or horizontally. Lanes are used to organize and categorize activities. |

CONNECTORS

| Connector | Description |
| --- | --- |
| Sequence Flow | A Sequence Flow is represented by a solid line with a solid arrowhead and is used to show the order (the sequence) that activities will be performed in a Process. |
| Message Flow | A Message Flow is represented by a dashed line with an open arrowhead and is used to show the flow of messages between two separate Process Participants. In BPMN, two separate Pools in the Diagram will represent the two Participants. |

ARTIFACTS

| Artifact | Description |
| --- | --- |
| Annotation | The ANNOTATION shape is used to add comments to a process model. It consists of text in a square left bracket, e.g. "This is some text which helps explain something about the model". |
| Data Object | A data object represents a piece of data which is required or produced by the process, e.g. Customer details, output. |
| Group | A grouping is purely for documentation or explanatory purposes. It has no impact on the model. It consists of a rectangle with dashed lines and rounded corners, usually enclosing other objects. |


GATEWAYS

| Gateway | Description |
| --- | --- |
| Exclusive | The values of the process are examined to determine which path to take. |
| Inclusive | Each branch will be evaluated and will not stop when one branch condition becomes true. |
| Parallel | Provides a mechanism to synchronise parallel flow and to create parallel flow. |


APPENDIX B: ACCESS CONTROL MATRIX TEMPLATE

An access control matrix is a list of permissions given to roles for accessing an object
(file/module). It serves as a good medium to identify who can access what, and
to what level, and hence establishes a means of control in an environment.

| Role | Service group | Modules Accessible | Read (Y/N) | Write (Y/N) | Delete | Remarks |
| --- | --- | --- | --- | --- | --- | --- |
