Our Agency’s Cybersecurity Service Line & Management
Our customers and end users are vital to the success of the Cybersecurity Service Line, which is why we strive to ensure the delivery of cybersecurity services is efficient and effective across the Agency. Our goal is to provide superior customer service to maximize the value of cybersecurity services offered, optimize service delivery, and improve overall customer experiences. Our team uses a holistic, strategic approach in pursuit of excellence in IT cybersecurity service management. Our team uses service management best practices, including Information Technology Infrastructure Library (ITIL), Lean Six Sigma (LSS), Project Management Institute (PMI), and Agile to provide consistent, efficient, and effective service management delivery
ITIL Service Management Processes
Strategy & Business Management
Our Strategy and Business Management team works to ensure the delivery of IT services is efficient and effective to meet our customer’s needs, service requirements, and desired outcomes. We leverage a Voice of the Customer (VoC) initiative for the Business Relationship Manager to host customer engagement workshops, conduct surveys, and participate in outreach activities to stay connected with our customers, stakeholders, and end users. The feedback and insights collected through this process allow us to improve the cybersecurity services that are currently offered and provide opportunities for the development of new service offerings that meet end-user demands.
Project Management
Our Project Management team works with the Agency Enterprise Project Management Office (EPMO) and provides consultation and guidance on NASA’s process for applicable IT projects, project methodologies that support project planning, and strategic roadmap alignment. Our team strives to provide quality service delivery and works within the given constraints of scope, time, and budget while driving change and delivering value.
Operations Management
Our Operations Management team is responsible for the day-to-day operations of NASA’s cybersecurity services across the Cybersecurity Service Line. Our goal is to ensure seamless performance and delivery of services while maximizing efficiencies, increasing stability, improving the quality of services offered, and aiding in the detection and resolution of service disruptions. Our team uses best practices and service operational principles to help govern the transition of services, ensuring they are correctly prioritized, accessed, and implemented in a timely manner.
Problem Management
When a problem is identified within a cybersecurity service, a Problem Management Review is scheduled so that the Problem Management team can assist the problem owner identified within the cybersecurity service management office or Service Portfolio. Our Problem Management team uses standardized methods and procedures to review, categorize, analyze, and report problems in an effective and timely manner. To help determine the cause of a problem, our team uses a Root Cause Analysis Toolkit and a Service Now ticketing system to track and document important details. A Problem Review Board meeting is held to authorize and review problems within the Cybersecurity Services organization that will manage improvement opportunities and reduce the number of problems and incidents that occur going forward.
Strategic Planning & Road Mapping
Our Strategic Planning and Road Mapping team ensures services within the Cybersecurity Service Line and their plans remain aligned with the overall organizational strategy, including changes made to the strategy, roadmaps, and portfolios. Our team has implemented a Portfolio Item Change Request process that allows users to submit a change to an existing Portfolio Item that is documented through a request workflow. Our team manages the governance of the portfolio changes and communicates with Leadership teams, the portfolio status on a regular cadence to keep them informed and stay abreast on important actions, projects, and initiatives.
Risk Management
The Risk Management discipline is an integrated process throughout the entire CyS Service Line. Our CyS Risk Management team ensures that potential shortfalls are identified while making sure that explicitly established and stated objectives are still achieved. Determination of the probability of such occurrences and the magnitude of the potential consequences enable risk-informed decisions, proactive task planning, and resource allocation decisions designed to ensure the success of the CyS Service Line. Risks are identified, discussed, and escalated to the appropriate Risk Reviews and are managed at the level providing budget and resources.
Enterprise Services
We are continuously maturing our service management processes to ensure we provide consistent, efficient, and effective methodologies when adding new services to our Cybersecurity Portfolio. Our Enterprise Service team develops and delivers (assesses and implements) new enterprise services that meet customer and stakeholder cybersecurity needs across the Agency that are aligned to the Cybersecurity Service Line. We engage with customers, stakeholders, and technical subject matter experts to deliver cybersecurity services driven by customer needs, meet cybersecurity requirements, and add value to NASA centers and missions, while continuously providing optimized service delivery.
Demand Management Services
Our Demand Management team ensures that there are standardized workflows, methods, and procedures to vet new demands that will ensure proper analysis prior to project initiation. Our team uses various tools and techniques to forecast, plan, and manage the demand for products and services to ensure alignment with our customer’s strategic direction. We offer assistance, guidance, and consultation to help streamline the workflow processes.
Strategy & Business Management
Our Strategy and Business Management team works to ensure the delivery of IT services is efficient and effective to meet our customer’s needs, service requirements, and desired outcomes. We leverage a Voice of the Customer (VoC) initiative for the Business Relationship Manager to host customer engagement workshops, conduct surveys, and participate in outreach activities to stay connected with our customers, stakeholders, and end users. The feedback and insights collected through this process allow us to improve the cybersecurity services that are currently offered and provide opportunities for the development of new service offerings that meet end-user demands.
Project Management
Our Project Management team works with the Agency Enterprise Project Management Office (EPMO) and provides consultation and guidance on NASA’s process for applicable IT projects, project methodologies that support project planning, and strategic roadmap alignment. Our team strives to provide quality service delivery and works within the given constraints of scope, time, and budget while driving change and delivering value.
Operations Management
Our Operations Management team is responsible for the day-to-day operations of NASA’s cybersecurity services across the Cybersecurity Service Line. Our goal is to ensure seamless performance and delivery of services while maximizing efficiencies, increasing stability, improving the quality of services offered, and aiding in the detection and resolution of service disruptions. Our team uses best practices and service operational principles to help govern the transition of services, ensuring they are correctly prioritized, accessed, and implemented in a timely manner.
Problem Management
When a problem is identified within a cybersecurity service, a Problem Management Review is scheduled so that the Problem Management team can assist the problem owner identified within the cybersecurity service management office or Service Portfolio. Our Problem Management team uses standardized methods and procedures to review, categorize, analyze, and report problems in an effective and timely manner. To help determine the cause of a problem, our team uses a Root Cause Analysis Toolkit and a Service Now ticketing system to track and document important details. A Problem Review Board meeting is held to authorize and review problems within the Cybersecurity Services organization that will manage improvement opportunities and reduce the number of problems and incidents that occur going forward.
Strategic Planning & Road Mapping
Our Strategic Planning and Road Mapping team ensures services within the Cybersecurity Service Line and their plans remain aligned with the overall organizational strategy, including changes made to the strategy, roadmaps, and portfolios. Our team has implemented a Portfolio Item Change Request process that allows users to submit a change to an existing Portfolio Item that is documented through a request workflow. Our team manages the governance of the portfolio changes and communicates with Leadership teams, the portfolio status on a regular cadence to keep them informed and stay abreast on important actions, projects, and initiatives.
Risk Management
The Risk Management discipline is an integrated process throughout the entire CyS Service Line. Our CyS Risk Management team ensures that potential shortfalls are identified while making sure that explicitly established and stated objectives are still achieved. Determination of the probability of such occurrences and the magnitude of the potential consequences enable risk-informed decisions, proactive task planning, and resource allocation decisions designed to ensure the success of the CyS Service Line. Risks are identified, discussed, and escalated to the appropriate Risk Reviews and are managed at the level providing budget and resources.
Enterprise Services
We are continuously maturing our service management processes to ensure we provide consistent, efficient, and effective methodologies when adding new services to our Cybersecurity Portfolio. Our Enterprise Service team develops and delivers (assesses and implements) new enterprise services that meet customer and stakeholder cybersecurity needs across the Agency that are aligned to the Cybersecurity Service Line. We engage with customers, stakeholders, and technical subject matter experts to deliver cybersecurity services driven by customer needs, meet cybersecurity requirements, and add value to NASA centers and missions, while continuously providing optimized service delivery.
Demand Management Services
Our Demand Management team ensures that there are standardized workflows, methods, and procedures to vet new demands that will ensure proper analysis prior to project initiation. Our team uses various tools and techniques to forecast, plan, and manage the demand for products and services to ensure alignment with our customer’s strategic direction. We offer assistance, guidance, and consultation to help streamline the workflow processes.
Service Level Management
The CyS Service Level Management team maintains and approves IT service quality through a constant cycle of agreeing, monitoring, and reporting upon IT achievements and actions. Our team helps standardize processes between the cybersecurity services offered and the service providers who serve them. We work one-on-one with the service portfolios to establish Service Level Agreements and Operational Level Agreements which would guarantee that specific and measurable targets are met and that both parties have clear expectations of the level of services that will be delivered.
Service Portfolio Management
Our CyS Service Portfolio Management team evaluates and prioritizes incoming products or service proposals and change requests based on resource constraints, existing commitments, the organization’s strategy and objectives, and other criteria. Our CyS Portfolio provides a comprehensive listing of cybersecurity services that are in the production service pipeline, located within the Cybersecurity Catalog, or retired. Our CyS Service Line currently consists of three portfolios: Cybersecurity Infrastructure, Security Operations, and Cyber Protection.
Service Catalog Management
The Cybersecurity Service Catalog is available on the Enterprise Service Desk website at NASA and can be accessed by all NASA users. The catalog provides a standardized listing of the cybersecurity offerings available, making it a quick and easy resource guide for users to order the cybersecurity services they need in one centralized location. Our CyS Service Catalog Management team continually matures and expands the service request offerings in the Cybersecurity Catalog to ensure the services offered are meeting the NASA Agency cyber needs.
Service Now Development
Our Service Now Development team is responsible for gathering the requirements, writing the user stories, and managing the functional testing of those developed stories in the configuration, development, and maintenance of the CyS Service Portal and Cybersecurity Catalog, located on our customer’s Enterprise Service Desk Service Portal. Our goal is to make it easy for users to access and order cybersecurity services across the organization while delivering optimal cybersecurity services that are customized to meet our customer’s and end-user needs.
Service Request Fulfillment
The Service Request Fulfillment process manages the entire lifecycle of a user request for information, advice, a standard change, or access to an IT service. Our CyS Service Now Development team was instrumental in developing a Cybersecurity Catalog, located on the Enterprise Service Desk website at NASA, where NASA users can go to order cybersecurity services or provide feedback on improving the productivity and quality of the services offered – all within one location.
Service Level Management
The CyS Service Level Management team maintains and approves IT service quality through a constant cycle of agreeing, monitoring, and reporting upon IT achievements and actions. Our team helps standardize processes between the cybersecurity services offered and the service providers who serve them. We work one-on-one with the service portfolios to establish Service Level Agreements and Operational Level Agreements which would guarantee that specific and measurable targets are met and that both parties have clear expectations of the level of services that will be delivered.
Service Portfolio Management
Our CyS Service Portfolio Management team evaluates and prioritizes incoming products or service proposals and change requests based on resource constraints, existing commitments, the organization’s strategy and objectives, and other criteria. Our CyS Portfolio provides a comprehensive listing of cybersecurity services that are in the production service pipeline, located within the Cybersecurity Catalog, or retired. Our CyS Service Line currently consists of three portfolios: Cybersecurity Infrastructure, Security Operations, and Cyber Protection.
Service Catalog Management
The Cybersecurity Service Catalog is available on the Enterprise Service Desk website at NASA and can be accessed by all NASA users. The catalog provides a standardized listing of the cybersecurity offerings available, making it a quick and easy resource guide for users to order the cybersecurity services they need in one centralized location. Our CyS Service Catalog Management team continually matures and expands the service request offerings in the Cybersecurity Catalog to ensure the services offered are meeting the NASA Agency cyber needs.
Service Now Development
Our Service Now Development team is responsible for gathering the requirements, writing the user stories, and managing the functional testing of those developed stories in the configuration, development, and maintenance of the CyS Service Portal and Cybersecurity Catalog, located on our customer’s Enterprise Service Desk Service Portal. Our goal is to make it easy for users to access and order cybersecurity services across the organization while delivering optimal cybersecurity services that are customized to meet our customer’s and end-user needs.
Service Request Fulfillment
The Service Request Fulfillment process manages the entire lifecycle of a user request for information, advice, a standard change, or access to an IT service. Our CyS Service Now Development team was instrumental in developing a Cybersecurity Catalog, located on the Enterprise Service Desk website at NASA, where NASA users can go to order cybersecurity services or provide feedback on improving the productivity and quality of the services offered – all within one location.
Knowledge Management
The Knowledge Management team ensures that the help desk staff, our service customers, and end users have accurate and sufficient cybersecurity knowledge and resources available to them 24/7/365. Our team is responsible for establishing and maintaining standardized workflows and processes that continually improve the quality of information available. The team works with each Service Portfolio area to ensure that all published cybersecurity services knowledge articles are included within our customer’s Knowledge Base library and that users and help desk staff have easy access to this information.
Metrics and Reporting
The Metrics and Reporting team provides consultation, guidance, and support on performance data metrics and reporting for the Cybersecurity Service Line. We use standardized performance metrics and reporting tools to generate operational reports, dashboards, and scorecards that measure the alignment of cybersecurity service offerings and service management functions within the Cybersecurity Service Line.
Continual Improvement
Our Continual Improvement team follows the ITIL best practice for continual improvement (Plan, Do, Check, Act) to ensure that our cybersecurity services are meeting the demands of our customers and end users. We use an automated process for users to submit suggestions or ideas to strengthen the effectiveness and efficiency of IT processes and cybersecurity services across NASA. We leverage existing or cross-integration of services to determine improvement solutions that align services to meet customer needs and use tools to help evaluate, analyze, and document cybersecurity maturity levels to continually refine and improve processes for service enhancement, waste reduction, and variation.
Change Management
Our Change Management team ensures that there are standardized methods and procedures in place to record, control, and coordinate cybersecurity-related changes. Our team is responsible for managing and processing cybersecurity-related change requests and assisting submitters throughout the entire workflow process, which includes a two-phased governance process needed to obtain the necessary authorization to proceed with the implementation of a change. Our goal is to provide users with a better overall user experience. Our team is continuously improving our processes by providing customers with streamlined workflow activities and automation, improved online forms, and real-time dashboard reporting.
ITSM Incident Management
When an incident occurs, our ITSM Incident Management team executes the ITIL best practice of Detecting, Recording, Classifying, and Resolving to restore normal service operations as quickly as possible to minimize the impact on business operations and ensure that the best possible levels of service quality and availability are maintained. Service Level Agreements) are in place with each of our customer’s Service Portfolio areas that document the parameters for ‘normal service operations’ and provide guidelines to resume full operational performance when an incident occurs.
Communications
It is important that the communications received by customers, stakeholders, and end users are consistent, efficient, and effective. Our Communications team manages and outlines all communication channels and processes, and enforces official communication standards, policies, guidelines, and best practices. We provide guidance and support to our customers to be able to send official communications through their appropriate channels. As authorized senders, our team is responsible for releasing agency-wide cybersecurity-related notifications, including Emergency Communications that alert users of a service outage or security vulnerability. Our team also provides processes and guidance on official written documentation, logos, graphics, and digital email signatures. We work closely with the Agency Office of Communications to stay abreast of the latest communication policies and guidelines to make certain that our processes and standards remain aligned.
Knowledge Management
The Knowledge Management team ensures that the help desk staff, our service customers, and end users have accurate and sufficient cybersecurity knowledge and resources available to them 24/7/365. Our team is responsible for establishing and maintaining standardized workflows and processes that continually improve the quality of information available. The team works with each Service Portfolio area to ensure that all published cybersecurity services knowledge articles are included within our customer’s Knowledge Base library and that users and help desk staff have easy access to this information.
Metrics and Reporting
The Metrics and Reporting team provides consultation, guidance, and support on performance data metrics and reporting for the Cybersecurity Service Line. We use standardized performance metrics and reporting tools to generate operational reports, dashboards, and scorecards that measure the alignment of cybersecurity service offerings and service management functions within the Cybersecurity Service Line.
Continual Improvement
Our Continual Improvement team follows the ITIL best practice for continual improvement (Plan, Do, Check, Act) to ensure that our cybersecurity services are meeting the demands of our customers and end users. We use an automated process for users to submit suggestions or ideas to strengthen the effectiveness and efficiency of IT processes and cybersecurity services across NASA. We leverage existing or cross-integration of services to determine improvement solutions that align services to meet customer needs and use tools to help evaluate, analyze, and document cybersecurity maturity levels to continually refine and improve processes for service enhancement, waste reduction, and variation.
Change Management
Our Change Management team ensures that there are standardized methods and procedures in place to record, control, and coordinate cybersecurity-related changes. Our team is responsible for managing and processing cybersecurity-related change requests and assisting submitters throughout the entire workflow process, which includes a two-phased governance process needed to obtain the necessary authorization to proceed with the implementation of a change. Our goal is to provide users with a better overall user experience. Our team is continuously improving our processes by providing customers with streamlined workflow activities and automation, improved online forms, and real-time dashboard reporting.
ITSM Incident Management
When an incident occurs, our ITSM Incident Management team executes the ITIL best practice of Detecting, Recording, Classifying, and Resolving to restore normal service operations as quickly as possible to minimize the impact on business operations and ensure that the best possible levels of service quality and availability are maintained. Service Level Agreements) are in place with each of our customer’s Service Portfolio areas that document the parameters for ‘normal service operations’ and provide guidelines to resume full operational performance when an incident occurs.
Communications
It is important that the communications received by customers, stakeholders, and end users are consistent, efficient, and effective. Our Communications team manages and outlines all communication channels and processes, and enforces official communication standards, policies, guidelines, and best practices. We provide guidance and support to our customers to be able to send official communications through their appropriate channels. As authorized senders, our team is responsible for releasing agency-wide cybersecurity-related notifications, including Emergency Communications that alert users of a service outage or security vulnerability. Our team also provides processes and guidance on official written documentation, logos, graphics, and digital email signatures. We work closely with the Agency Office of Communications to stay abreast of the latest communication policies and guidelines to make certain that our processes and standards remain aligned.