CSA’s Enterprise Architecture: Information Technology Operation & Support
Blog Article Published: 05/19/2023
Written by CSA’s Enterprise Architecture Working Group.
The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects, and risk management professionals to leverage a common set of solutions and controls. It can be used to assess opportunities for improvement, create road maps for technology adoption, identify reusable security patterns, and assess various cloud providers and security technology vendors against a common set of capabilities.
This blog describes the second of four domains from CSA’s Enterprise Architecture: Information Technology Operation & Support (ITOS). Read about the first domain here, and check back for subsequent blogs on domains three and four.
Simply put, Information Technology Operation & Support (ITOS) describes the IT Department. It is the help desk that takes the call when a problem is found, coordinating and rolling out the changes in the middle of the night. It is the planning and process that keep the systems going even in the event of a disaster.
ITOS outlines all the necessary services an IT organization will have to support its business needs. This domain provides alignment of industry standards and best practices (PM BOK, CMMI, ISO/IEC 27002, COBIT, and ITIL v3).
An employee receives a suspicious email, which they think may contain a malware program. They notify the help desk of the incident. The help desk opens a security incident, and a response team works to block the sender, identify other affected users, and restore any damage that may have been done.
IT Operation: IT Operation defines the organizational structure, skill requirements of an IT organization, and standard operational management procedures and practices to allow the organization to manage an IT and associated infrastructure.
Service Delivery: Service Delivery deals with technologies essential in maintaining uninterrupted technical service. Services in this category include those more appropriate to technical staff, such as availability management, service level management, service continuity, and capacity management.
Service Support: Service Support is focused on the users and is concerned with ensuring they have access to the appropriate service to support business functions. It is the entry point for service requests, and is the single contact point for customers to record their problems.
Incident Management: Architectural patterns for incident management include services for trouble ticketing and incident classification. Incidents begin as a phone-in incident from a human, a detected error in the environment, or via incident messaging from another application.
Problem Management: Problem Management deals with the incident after it has started to cycle through the remediation process. It offers advanced root cause analysis tools and technologies, and interfaces with the information repositories to perform trending and prevention services.
Knowledge Management: Knowledge Management accumulates root cause solutions or information regarding how incidents were solved. Once the knowledge is collected, it is transformed into FAQs or Self-Service Capabilities that the user and technical support communities can reuse to resolve IT services issues.
Release Management: The Release Management architecture is the set of conceptual patterns that support the movement of pre-production technical resources into production. This includes all the activities that are necessary to prove that a particular resource is appropriate for the technical, business, and operational environments and does not exceed a risk profile for a particular task.
Relation to Other Domains
The use of ITOS analytic services such as data warehousing, data marts, and common operational data stores are key to enable an effective business operation service.
- ITOS supports the Business Operation Support Service to maintain tactical and strategic alignment between the business and IT.
- ITOS implements Presentation, Application, Information, and Infrastructure services.
Read more in the CSA Enterprise Architecture Reference Guide.
Trending This Week
#1 What are the Most Common Cloud Computing Service Delivery Models?
#2 How ChatGPT Can be Used in Cybersecurity
#3 Understanding Identity and Access Management IAM and Authorization Management
#4 Is PQC Broken Already? Implications of the Successful Break of a NIST Finalist
#5 101 Guide on Cloud Security Architecture for Enterprises
Sign up to receive CSA's latest blogs
This list receives 1-2 emails a month.