FUJ00231986
RMGA Security Ops Service Management Monthly Report — April 2011
[Pie chart: April TFS Calls Received/Raised. Categories: User access issues/access enhancement calls; Revocation call; New users access call; Security Event calls; TESQA Calls; Security Incident call; IDS alerts. Segment labels: 11%, 0%, 5%, 2%, 76%]
TFS - ‘A’ Priority calls raised/ handled this month:-
Call Reference No: | Date Opened | Date Closed | Days | Summary | RAG
N/A
PEAK ‘A’ Priority calls raised on the Security Ops stack:-
Call Reference No: | Date Opened | Date Closed | Days | Summary | RAG
PCO205980 1 Nov 10 LST: Sophos Anti virus is quarantining files
Area under construction — example of what we expect to show start new financial year
Total number of users with System access = 272
New Joiners for April - 2
Leavers/revocation for April - 2
User Management
Revocations - Access removed within 24 hours of receipt of call/form
(G = 90 -100% , A = 70 - 80%, Red= 70% &<)
New User access - Setting up of MSAD Accounts within 3 days of receipt of call/form
(G = 100% , A = 90+ A% - 120, R = Anything else)
TESQA
Total accounts available to POL users - 20
Active POL accounts - 17
Unassigned/Available POL accounts - 3
Engineers - Security Clearance
254 Security Cleared Engineers.
Summary:
8 WIP currently with POL awaiting Security Clearance - (Mark Hall/David Hawkins/Ashley Jones-Mayne/Graham David-Allen/Walid Hamid-Adam/Philip Skillen/Mark Truss/Anthony Isherwood).
Total number of cryptographic Keys Managed
Service Effect = 8
Non Service Effecting = 14
Change on compromise only = 6
Crypto Key Activities
Required key changes are taking place or scheduled to take place in the agreed timescales as per the key change schedule or as per customer request.
(G = All on schedule, A = Some not on schedule, but not service affecting, R = Anything else)
Periodically
Summary:
Security Patching
Critical Patch deployment success rate - PAB defined N/A Within 30 days
(G = 100% , A = >45 days, Red= >60 days)
Patch deployment success rate within agreed timescales - PAB required Within 90 days
(G = 100% , A = 90+ A% - 120, R = Anything else)
Summary:
April patches for deployment
Microsoft released - 17 patches released - 13 require deployment
Redhat Released - 2 patches both applicable
Solaris Released - 24 patches - 13 deemed applicable
Deployment scheduled for weekend of the 05 June 2011
Virus Attacks
No reported attacks
Mal-ware updates (AV)
Weekly Anti-virus definitions deployed to all the windows based platforms within 7 days of package release date
(G = <7days, A = 8-13days, Red = 14% >days)
Packaged Weekly on a Wednesday
Summary:
SECURITY EVENT MANAGEMENT
Security Events Received
[Chart 1 - Ongoing: Security Events-2011]
Summary: 4 unknown events and 2 known event calls were raised during this month.
IDS MANAGEMENT
One IDS Call was suspended last month and is currently under investigation. Awaiting response from Jason Clark. Call Ref: 3404183.
Work is in progress for additional reporting for this area and will be available in May’s report.
It has been agreed that we will only be monitoring and reporting on alerts/attacks classified as High.
Summary:
[Chart: ARQ's/BQ's Contract V's Actual 2011/12. Series: ARQs Contracted; BQ's Contracted; ARQ Received; BQ's Received]
[Chart: ARQ Query Days Contract V's Actual 2011/12. Series: Query Days YTD; Query Days Contracted]
Summary: CP to change the service deliverables has been agreed for 2011/2012
For Month Ending: 31st March 2011
This area is under review — discussion underway re what changes or additional reporting can be made available
REPORT | Signature | RAG
Any incidents of downtime on any of the Firewall's this month if so what and why. | TIM ROPER |
Any known unauthorised access to any of the Firewall's this month if so who and why. | TIM ROPER |
Any unauthorised changes to the rule-base /config or IOS upgrades this month if so when & by whom. | TIM ROPER |
Number of timeout issues or bad packet errors (runts/giants/CRC etc) experienced this month. | TIM ROPER |
Number of translation errors occurred this month for NAT/PAT if so what and why. | TIM ROPER |
April 2011 Reconciliation Stats
BIMS | Raised | Cleared | Outstanding | Cleared from previous month
For info
Waiting for receipts of transaction | 5 day SLA | Mark Wardle
Comms issue at branch unable to progress this until comms has been resolved
13/04/2011 13/04/2011
EPOSS/POLFS
0209773 LINK State 4 18/04/2011 8 Hour SLA Mark Wardle
Summary: 31 BIMs (Business Incident Management) were issued during April: 25 BIMs were ‘A’ priority calls, 5 were ‘B’ priority calls and an additional call was raised for Info purposes to POL. 2 BIMs are currently outstanding; these have been suspended as agreed with Mark Wardle.
All BIMS raised and cleared during month of April met SLA.
Improvement Initiative: New business activities/improvements
Benefit / Outcome: Produce plan to facilitate POL’s FoOG activities - joint activity
Status:
Apr - Discussion to be held in ISMF and monthly catch up sessions

Improvement Initiative: Review of the AV strategic [illegible]
Benefit / Outcome: Slicker process
Estimated Timeframes: Apr 2011
Status:
Dec - Internal Scoping CP to be raised by end Jan
Jan - Meeting held with Sophos and areas of improvement under discussion
Feb - CP raised for impacting
Mar - CP with Chief Architect
Apr - under review

Improvement Initiative: Tripwire baselining
Benefit / Outcome: Policies being reviewed to monitor the relevant files rather than all.
Estimated Timeframes: June 2011
Status:
Work underway
Nov - Baselining work 85% completed and documentation underway, knowledge transfer scheduled for early December for Unix and Wintel resource
Dec - knowledge transfer complete scoping CP raised to understand service impact
Jan - CP out for impacting
Mar - Meeting scheduled for 26/04
Apr - Meeting held, follow up to be scheduled Mid May

Improvement Initiative: Re work of Security operations forward Schedule of change
Benefit / Outcome: Clear view for all to see any ongoing changes/audits etc
Status:
Nov - under review
Dec - format changed, work still on going
Mar - Audit dates to be added