IT Security Management
From IT Process Wiki
ITIL Version: ITIL Version 3 (ITIL V3)
Process Objective: To ensure the confidentiality, integrity and availability of an organisation's information, data and IT services. Information Security Management usually forms part of an organisational approach to security management which has a wider scope than the IT Service Provider.
Part of: Service Design
Process Owner: IT Security Manager
ITIL V3 vs. ITIL V2: IT Security Management
- ITIL V2 provided guidance on IT Security Management in a separate book
- ITIL V3 treats IT Security Management as part of the Service Design core volume, resulting in a better integration of this process into the Service Lifecycle
- The process was updated to account for new security concerns
Sub-Processes of IT Security Management (ITIL V3)
- Design of Security Controls
  - Process Objective: To design appropriate technical and organizational measures in order to ensure the confidentiality, integrity, security and availability of an organization's assets, information, data and services.
- Security Testing
  - Process Objective: To make sure that all security mechanisms are subject to regular testing.
- Management of Security Incidents
  - Process Objective: To detect and fight attacks and intrusions, and to minimize the damage incurred by security breaches.
- Security Review
  - Process Objective: To review if security measures and procedures are still in line with risk perceptions from the business side, and to verify if those measures and procedures are regularly maintained and tested.
Related Key Performance Indicators
Roles within IT Security Management (ITIL V3)
- IT Security Manager (Process Owner)

