A service desk can be a solid process framework for cybersecurity—from the first report to systemic measures. In the lecture by Miroslava Jombíka from the Slovak company Innova Logic, it was explained why a high-quality CMDB, clear rules, and tool usability are key. Technology, processes, and people all matter so the "green lights" don't mislead.
From report to action: a continuous loop
The process starts with a report from a user, monitoring, or other systems and continues by assigning the case to a resolver with clear guidelines. The resolver records essential information so that security managers can assess policy violations and propose measures. The result feeds back into configuration and settings, making it a continuous cycle of improvement. The aim is for incident response to be fast and backed by up-to-date data.
The foundation is knowing exactly what we are protecting—from technical components through software and applications to services. The organization must define which services it provides internally and externally and record them in the configuration database along with their relationships. This enables setting appropriate security measures relative to the value of "what is most valuable." Without this map, protection is only a hunch, not a managed process.
CMDB: trust but verify
In automated data collection, the principle "trust but verify" applies. Systems ingest a lot of data, but the organization needs accurate and verified information about assets. You therefore cannot avoid manual supplementation, and it must be fast and clear. An interface that allows data to be edited conveniently without the help of developers helps.
Key are CMDB governance rules and a clearly defined minimum set of data for each item. For critical assets, the status needs to be one hundred percent; for others, a realistic target is about 95 percent. This includes location, owner, and the roles responsible for the given asset. Equally important are the relationships between services and components so that the impact on operations is clear.
CIA triad, visualization, and usability
For each asset, you need to determine confidentiality, integrity, and availability. Confidentiality means access only for authorized individuals, integrity the accuracy and completeness of data, availability their availability when needed. Clear tools with visualization of relationships make it easier to estimate impacts and respond quickly to incidents. Such views also support planning of system changes and measures.
The lecture emphasized that the tool alone is not enough—people and processes that give it meaning are decisive. It’s not enough that the indicators are green; you need to understand what they mean so as not to create a false sense of security and room for shadow IT. Usability is therefore critical so that people do not circumvent the system and naturally contribute to managing cybersecurity. As an illustrative example from practice, an ongoing implementation at Českej národnej banky was mentioned.
