BOSS was designed on best practices and reference frameworks with a proven record of aligning security with the business and transforming the information security practice across organizations into a business enabler.
Most security architectures focus only on technical capabilities and miss the opportunity to create a dynamic synergy with the business. Such a synergy turns reactive practices into proactive ones and can eventually enable business command centers that provide relevant information about the health of information assets and business processes.
A common concern when organizations decide to integrate services with cloud providers is the level of security the provider will offer, as well as the amount of exposure when data is hosted on a multi-tenant model. This domain outlines the aspects that must be considered beyond the technological solutions: legal guidance, compliance and auditing activities, human resources, and monitoring capabilities with a focus on fraud prevention.
The security monitoring tool alerts an analyst that a customer withdrawal transaction was initiated from a workstation in the IT department instead of the customer contact center. A special investigation, held with the help of HR and Legal, determines that a disgruntled system administrator has been stealing from the company.
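The scenario above is a correlation between an application-monitoring event and the asset inventory. The following is an added example, not code from the reference architecture: it joins constructed transaction log lines with a constructed workstation-to-department inventory and a constructed policy of which departments may initiate each transaction type, and raises an alert for the withdrawal coming from the IT workstation (and for a workstation that is not in the inventory at all).

```python
# Added example (not part of the CSA reference architecture). All inventory,
# policy and log data below are constructed sample values.
from dataclasses import dataclass

# Constructed asset inventory: workstation -> owning department.
ASSET_INVENTORY = {
    "WS-CC-0101": "Customer Contact Center",
    "WS-CC-0102": "Customer Contact Center",
    "WS-IT-0007": "IT Department",
}

# Constructed policy: departments permitted to initiate each transaction type.
EXPECTED_DEPARTMENTS = {
    "customer_withdrawal": {"Customer Contact Center"},
    "customer_inquiry": {"Customer Contact Center", "IT Department"},
}

# Constructed application-monitoring log: time|type|workstation|user|amount.
SAMPLE_LOG = """\
2024-03-01T09:15:02Z|customer_withdrawal|WS-CC-0101|jsmith|250.00
2024-03-01T09:16:45Z|customer_inquiry|WS-IT-0007|sysadmin1|0.00
2024-03-01T23:42:10Z|customer_withdrawal|WS-IT-0007|sysadmin1|4800.00
2024-03-01T23:44:31Z|customer_withdrawal|WS-XX-9999|unknown|120.00
"""

@dataclass
class Alert:
    timestamp: str
    user: str
    workstation: str
    department: str
    reason: str

def correlate(log_text, inventory=ASSET_INVENTORY, policy=EXPECTED_DEPARTMENTS):
    """Return one Alert per transaction whose source workstation is not in a
    department permitted for that transaction type, or is unknown to the inventory."""
    alerts = []
    for line in log_text.splitlines():
        ts, tx_type, ws, user, _amount = line.split("|")
        allowed = policy.get(tx_type)
        if allowed is None:
            continue  # transaction types with no policy are out of scope here
        dept = inventory.get(ws)
        if dept is None:
            alerts.append(Alert(ts, user, ws, "unknown", "workstation not in asset inventory"))
        elif dept not in allowed:
            alerts.append(Alert(ts, user, ws, dept, f"{tx_type} initiated outside {sorted(allowed)}"))
    return alerts
```

In practice the inventory and policy would come from the CMDB and the business-process owners rather than literals, and the alert would be routed to the SOC portal for the HR/Legal-assisted investigation the scenario describes.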
Business Operations Support Services defines the high-level policy requirements that IT Operation Support Services, Presentation Services, Application Services, Information Services, Infrastructure Services and Security & Risk Management exist to support. BOSS embodies the direction of the business and the objectives of the cloud consumer. BOSS is expressed in the Compliance objectives, Legal objectives, Human Resource requirements, Operational Risk tolerance, and Security Monitoring services that are required to satisfy clients' service level objectives and jurisdictional legislative mandates.
The BOSS domain works to align the ITOS and SRM domains with the business's desired strategy, capabilities, and risk portfolio.
Business Operation Support Services (BOSS)

Compliance: Audit Planning | Contact / Authority Maintenance | Independent Audits | Third Party Audits | Internal Audits | Information System Regulatory Mapping | Intellectual Property Protection

Data Governance: Data Ownership / Stewardship | Data Classification | Handling / Labeling / Security Policy | Secure Disposal of Data | Clear Desk Policy | Rules for Information Leakage Prevention | Rules for Data Retention

Human Resources Security: Employee Termination | Employment Agreements | Background Screening | Job Descriptions | Roles and Responsibilities | Employee Awareness | Employee Code of Conduct

Security Monitoring Services: SIEM Platform | Event Mining | Database Monitoring | Application Monitoring | Honey Pot | End-Point Monitoring | Event Correlation | Cloud Monitoring | E-Mail Journaling | SOC Portal | Counter Threat Management | Market Threat Intelligence | Managed Security Services | Knowledge Base | Branding Protection | Anti-Phishing | Real-Time Internetwork Defense (SCAP) | User Behavior & Profile Patterns