downloads advanced host intrusion prevention with csa part 3 ppt


Chapter 3: Information Gathering

Important Individuals

Project Team

You should gather a small team of individuals to be your core project team. Depending on the size of your company, IT department, and security teams, this can range from one person (you are it!) to a team of eight to ten people for a large enterprise. You might want representation from teams that perform the following functions in your company:

• Team responsible for desktop/laptop (or server) software support—Obviously, team members must be aware of their responsibilities.
• Team responsible for quality assurance (for example, the testing of software for stability and usability in your environment)—They need to be aware of CSA being a part of the standard environment in which they must test all new software packages. This could include both the IT Quality Assurance functions which most companies have, as well as the Engineering Quality Assurance functions if CSA might impact their software development or testing environments.
• Team responsible for frontline or phone support for your organization—The folks who answer the phone when someone calls Tech Support need to have Frequently Asked Questions (FAQs) and other documentation at hand and should be able to handle the majority of end-user concerns and questions.
• Team responsible for corporate information security—Depending on your environment this might be one team or multiple teams that can assist in the analysis and development of a security policy across your network.
• Team responsible for internal corporate communications—As much as systems administrators have joked for decades about how nice the computing environment would be without the users, you do need to keep the user base informed of what is coming, and most importantly why.

Executive Sponsor

The number of roles played by the executive sponsor depends on your company. The sponsor might be the person who signs off on the eventual purchase orders to buy CSA, or it might be the person who is there to help with political roadblocks if the project team encounters any in the testing or deployment. This person should be at a high enough level to provide that support and step in to correct anything blocking the project from becoming a success.

Project Manager

This person pulls together your project team and keeps things on track for testing, documentation, and notes. Otherwise, you might be so excited to try this product that you skip some important step in the process and cause yourself grief later in the deployment. Pick someone who is not afraid to document everything and keep the team on track but also has the team’s support for that work. You should make sure that the project manager reads this section to gain familiarity with CSA and understand what information makes this project move more smoothly.

Support Team

For ongoing support of CSA, you need some percentage of time from a few people, depending on the complexity of your deployment and their comfort level and experience with the product. As an example, the following is a breakdown of typical resources used at numerous large enterprise customers that have deployed CSA:

• CSA administrators—One FTE (Full Time Equivalent), meaning full-time employee. Generally the work is shared by at least two people, sometimes three people out of the organization that uses CSA, whether that be the desktop or server system administration teams. Responsibilities can include: policy changes, development, and escalations from a front-line support organization. These are usually the people in your team that end up contacting the Cisco Technical Assistance Center (TAC) for support if it is necessary.
• Front-line support: negligible—This really depends on whether or not you have a dedicated front-line support staff.
If you do, supporting CSA is generally no worse than supporting any other deployed application and is often less painful than most Office applications. In either case, training the support staff and users and making documentation easily available to both groups helps to minimize any CSA impacts.
• Host support—The extent of support depends on how many CSA Management Centers you deploy in your environment, but in most medium to large environments this is no more than three to five servers. Therefore, support is generally not a huge burden. The group needs minimal work from the host support side (such as backups, hardware failure resolution, and so on).
• Desktop or server software quality assurance team—This is the same group you use to test software, patches, and so on before release to the general user population. In a small company, this might be the same people as the CSA administrators or it could be a dedicated team. In either case, they need to be trained to be aware of the possible changes to their testing caused by CSA. For example, when testing Microsoft Word Patch#1234, there were issues with saving files. Do we need, therefore, to try disabling CSA temporarily to see if the problems are caused by Microsoft Word or by our CSA policies?

You might need a few or all of these roles depending on the size of your organization and how you typically release software into your environment. Deployment of CSA might be easier for companies that have restrictive environments in which all software must be released from a central point than for companies in which everyone can install anything they want at any time. However, securing either environment with CSA is achievable.

Always keep the goal in sight: You are trying to save your organization money.
Whether you calculate that money to include time, personnel, security incidents, cleanup time, or other issues, this book helps you to use what we are building on to start building return on investment scenarios you can use to validate your work.

Summary

We hope this chapter helped you to better understand the information you need to make your deployment of CSA a success. From the network, to your servers and desktops and your applications, and even to the formation of a project team—all these things help you develop an appropriate plan for deploying CSA and getting what you expect from that deployment. Next we help you develop a CSA project implementation plan and help justify the returns that a deployment of CSA can provide your enterprise.

References in This Chapter

Cisco Security Agent Frequently Asked Questions, Cisco.com, http://www.cisco.com/en/US/products/sw/secursw/ps5057/products_qanda_item09186a008049ad72.shtml

Cisco Security Agent V4.5.1 Release Notes, Cisco Systems (from V4.5.1-616 software distribution files).

[...]

Chapter 4: Project Implementation Plan

... 4.5 Query with a Challenge

• CSA Balloon Message—these are messages that appear as a little balloon above the Cisco Security Agent red flag in your taskbar. Figure 4-3 displays an example of a balloon message. They do not require any interaction and can be silenced by the user if they become annoying via the CSA menu on the user’s machine.

Figure 4-3 A Standard... Security Agent Version 4.5 Balloon Message

With these factors in mind, what can you do to define some metrics for how you want your users to interact with CSA?

• You can take a simple approach and set the No User Interaction checkbox, which disables all popup messages and queries—in fact it removes the CSA flag and user interface completely from the user’s sight. CSA still operates normally; however, any...
Gather the number of total machines you expect to deploy CSA to, and negotiate at least a starting point quote for what your cost of CSA will be (from the software perspective)
— If you already purchased CSA, this is the easy part
— If you have not purchased CSA, contact your account manager or reseller and get at least a ballpark number to work with
• Do your best to split the numbers you have from... have the opportunity to try CSA

Now that you have collected all this information and started a plan for the eventual rollout of CSA, you need to get your pilot going. The following sections look at the overall process:

• Setting up a successful CSA pilot
• Supporting your pilot users well
• Exploring some common mistakes that you can avoid when setting up a CSA pilot
• Testing CSA
• Establishing success...

... Cisco SIMS or MARS)

Not Backing Up the Pilot Server and Database

With CSA 4.5 and later, the database contains the most important data for recovering and restoring your CSA MC. The database contains not only all your groups, policies, rule modules, and so on, but your software licenses, and SSL certificate keys that CSA uses to communicate with the MC. If you have your database backups and they are good,...

... issues?
— Do you have an FAQ e-mail or website to start users with some initial information?
— What are users expected to report to the list? Any installation/uninstall issues? CSA queries or popup messages that occur too often for a normal task? Applications that users know are disabled by CSA?
— Do all the users know how to eliminate CSA as the cause of a problem? For example, you might want to train... know how to disable CSA? (This includes using the Off security level setting and stopping the agent service.)
— If an application worked before installing CSA and does not work now, and stopping the agent does not help, do users know how to uninstall and reinstall the security agent to see if CSA is really the issue?
— Do users have the instructions available to them to remove CSA manually if for some...

... not immediately impact users but are perhaps annoying are analyzed and handled within one week
• Nonbusiness-related policy changes within one business quarter (they do deserve an answer eventually)
• CSA Questions
— Metric: High caseload in the beginning, lowering over time as users become accustomed to the presence of CSA
— Average time to resolve: Very short—if you do your homework ahead of time...

... This brings us to a rough total of approximately 5.8 million dollars spent each year in time and effort just to combat incidents that should be preventable with the help of CSA. This calculation is based on our knowledge of what CSA is capable of doing and stopping. Although those numbers might seem enormous, think carefully about the last major virus or worm issue you had in your company, and...

... case, as long as the capital and operating expenses to deploy CSA cost less than 5.8 million dollars, then you received a return on your investment. What should you expect to see? After deploying CSA, you should hope to see most of those major events go away, and the number of minor incidents minimized. For those incidents that do occur post-CSA rollout, they should be contained to a small base of users.

... If you install CSA on servers, do they all start with a common operating system image when they are set up, or are they all uniquely configured? As with desktops, if you start with a common image, ...

... 500 hosts a week would be a good metric with which to start. This gives you a chance to see the effects of your deployment on a manageable number of hosts, and resolve issues early before CSA

Date posted: 14/08/2014, 18:21
