IT Security Management: Difference between revisions

From IT Process Wiki
mNo edit summary
Line 1: Line 1:
<seo metakeywords="it security management, itil security management, security management itil, itil security management process, security management process" metadescription="IT Security Management: ITIL process definition - subprocesses - Additional information on IT Security Management." />
<seo metakeywords="information security management, itil security management, security management itil, itil security management process, security management process" metadescription="Information Security Management: ITIL process definition - Sub-processes - Terms - Additional information on Information Security Management." />
<imagemap>
<imagemap>
Image:ITIL-Wiki-de-es.jpg|DE - ES - IT Security Management|100px
Image:ITIL-Wiki-de-es.jpg|DE - ES - Information Security Management|100px
rect 0 0 50 30 [https://wiki.de.it-processmaps.com/index.php/IT_Security_Management diese Seite auf Deutsch]
rect 0 0 50 30 [https://wiki.de.it-processmaps.com/index.php/IT_Security_Management diese Seite auf Deutsch]
rect 50 0 100 30 [https://wiki.es.it-processmaps.com/index.php/ITIL_Gestion_de_la_Seguridad_de_TI esta página en español]
rect 50 0 100 30 [https://wiki.es.it-processmaps.com/index.php/ITIL_Gestion_de_la_Seguridad_de_TI esta página en español]
Line 8: Line 8:
<br style="clear:both;"/>
<br style="clear:both;"/>


== ITIL IT Security Management: Overview ==
== Information Security Management ==


'''Process Objective''': To ensure the confidentiality, integrity and availability of an organisation's information, data and IT services. Information Security Management usually forms part of an organisational approach to security management which has a wider scope than the IT Service Provider.
''Information Security Management'' aims to ensure the confidentiality, integrity and availability of an organization's information, data and IT services. Information Security Management usually forms part of an organizational approach to security management which has a wider scope than the IT Service Provider.


'''Part of''': [[ITIL V3 Service Design|Service Design]]
'''Part of''': [[ITIL V3 Service Design|Service Design]]


'''Process Owner''': [[IT Security Management#ITIL Roles in IT Security Management|IT Security Manager]]
'''Process Owner''': [[IT Security Management#ITIL Roles|Information Security Manager]]


<p>&nbsp;</p>


== IT Security Management: Process Definition ==
== Process: Information Security Management ==


[[Image:Itil-security-management.jpg|thumb=overview_it_security_management_itilv3_thumb.jpg|left|[https://wiki.en.it-processmaps.com/images/pdf/process_overview_it_security_management_itilv3.pdf IT Security Management ITIL]]]
[[Image:Itil-security-management.jpg|left|thumb|350px|alt=Information Security Management ITIL|[https://wiki.en.it-processmaps.com/images/pdf/process_overview_it_security_management_itilv3.pdf ITIL Security Management]]]


ITIL V2 provided guidance on IT Security Management in a separate book. ITIL V3 treats IT Security Management as part of the Service Design core volume, resulting in a better integration of this process into the Service Lifecycle. The process was updated to account for new security concerns.
ITIL V2 provided guidance on Security Management in a separate book. ITIL V3 treats Information Security Management as part of the Service Design core volume, resulting in a better integration of this process into the Service Lifecycle. The process was updated to account for new security concerns.


The following sub-processes are part of [[IT Security Management|ITIL Security Management]]:
The following sub-processes are part of [[IT Security Management|ITIL Security Management]]:
<br style="clear:both;"/>
<br style="clear:both;"/>


=== Sub-Processes ===
== Sub-Processes ==


;Design of Security Controls
;Design of Security Controls
: Process Objective: To design appropriate technical and organizational measures in order to ensure the confidentiality, integrity, security and availability of an organization's assets, information, data and services.
:Process Objective: To design appropriate technical and organizational measures in order to ensure the confidentiality, integrity, security and availability of an organization's assets, information, data and services.


;Security Testing
;Security Testing
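Review bot: the `=== Sub-Processes ===` heading is promoted to a level-2 `== Sub-Processes ==` in this hunk, which detaches the sub-process list from the `== Process: Information Security Management ==` section even though the sentence "The following sub-processes are part of ..." directly above it introduces that list; keep the level-3 heading, or move the introductory sentence under the new section so the structure and the text agree.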
Line 40: Line 41:
:Process Objective: To review if security measures and procedures are still in line with risk perceptions from the business side, and to verify if those measures and procedures are regularly maintained and tested.
:Process Objective: To review if security measures and procedures are still in line with risk perceptions from the business side, and to verify if those measures and procedures are regularly maintained and tested.


<p>&nbsp;</p>


===== Downloads =====
== <span id="Terms-ITIL-Security-Management">ITIL Terms: Information Security Management ==


Use the following links to open the process overview of IT Security Management showing the most important interfaces:
;<span id="Availability-ITSCM-Security-Testing-Schedule">Availability/ ITSCM/ Security Testing Schedule</span>
:A schedule for the regular testing of all availability, continuity and security mechanisms, jointly maintained by [[Availability Management|Availability]], [[IT Service Continuity Management|IT Service Continuity]] and [[IT Security Management|Information Security Management]].


* [[Media:Itil-security-management.jpg|ITIL Security Management (.JPG)]]
;<span id="Security-Policy">Information Security Policy</span>
* [https://wiki.en.it-processmaps.com/images/pdf/process_overview_it_security_management_itilv3.pdf ITIL Security Management (.PDF)]''
:The main Information Security Policy contains an outline of the approach to ensure the security of IT services and systems. It is typically complemented by a set of more specific underpinning policies, e.g. policies on e-mail usage or remote system access. The Information Security Policy includes a list of security-related risks and existing or planned Security Controls to address those risks.  


;<span id="Security-Report">Information Security Report</span>
:The Information Security Report provides other Service Management processes and IT Management with information related to Information Security issues.


=== ITIL Terms: IT Security Management ===
;<span id="Security-Advisories">Security Advisories</span>
:A list of known security vulnerabilities compiled from input by third-party product suppliers. The list contains instructions for preventive measures and for the handling of security breaches once they occur.


;<span id="Availability ITSCM Security Testing Schedule">Availability/ ITSCM/ Security Testing Schedule</span>
;<span id="Security-Alert">Security Alert</span>
:A schedule for the regular testing of all availability, continuity and security mechanisms, jointly maintained by Availability, IT Service Continuity and IT Security Management.
:A warning produced by Information Security Management, typically released when outbreaks of security threats are foreseeable or already under way. The aim is to make sure that users and IT staff are able to identify any attacks and take appropriate precautions.  


;<span id="IT Security Policy">IT Security Policy</span>
;<span id="Security-Management-Information-System">Security Management Information System (SMIS)</span>
:IT Security Policies set binding rules for the use of services and systems with the aim of improving IT security.  
:A virtual repository of all Information Security Management data, usually stored in multiple physical locations.


;<span id="IT Security Report">IT Security Report</span>
;<span id="Test Report">Test-Report</span>
:The IT Security Report provides other Service Management processes and IT Management with information related to IT Security issues.  
:A report of the preparation, progress and evaluation of a test, created for example during the various tests carried out by [[Availability Management|Availability]], [[IT Service Continuity Management|IT Service Continuity]] or [[IT Security Management|Information Security Management]].


;<span id="IT Security Strategy">IT Security Strategy</span>
;<span id="Underpinning-Information-Security-Policy">Underpinning Information Security Policy</span>
:The IT Security Strategy contains an outline of the approach to ensure the security of IT services and systems. It includes a list of security-related risks and existing or planned Security Controls to address those risks.  
:Underpinning Information Security Policies are specific policies complementing the [[IT Security Management#Security-Policy|main Information Security Policy]] by setting binding rules for the use of systems and information as well as for the use and delivery of services, with the aim of improving information security.


;<span id="Security Advisories">Security Advisories</span>
<p>&nbsp;</p>
:A list of known security vulnerabilities compiled from input by third-party product suppliers. The list contains instructions for preventive measures and for the handling of security breaches once they occur.


;<span id="Security Alert">Security Alert</span>
== Additional Information ==
:A warning produced by IT Security Management, typically released when outbreaks of security threats are foreseeable or already under way. The aim is to make sure that users and IT staff are able to identify any attacks and take appropriate precautions.


;<span id="Security Management Information System">Security Management Information System</span>
==== ITIL KPIs ====
:A virtual repository of all IT Security Management data, usually stored in multiple physical locations.
* [[ITIL KPIs Service Design#ITIL KPIs Information Security Management|KPIs Information Security Management]]


;<span id="Test Report">Test Report</span>
==== ITIL Roles ====
:A report of the preparation, progress and evaluation of a test, created for example during the various tests carried out by Availability, IT Service Continuity or IT Security Management.


== Additional Information on IT Security Management ==
;Information Security Manager - Process Owner
:The Information Security Manager is responsible for ensuring the confidentiality, integrity and availability of an organization’s assets, information, data and IT services.
:He is usually involved in an organizational approach to Security Management which has a wider scope than the IT service provider, and includes handling of paper, building access, phone calls etc., for the entire organization.


==== ITIL KPIs ====
<p>&nbsp;</p>
* [[ITIL KPIs Service Design#ITIL KPIs IT Security Management|KPIs IT Security Management]]


== Downloads ==


==== ITIL Roles in IT Security Management ====
==== Overview ITIL Security Management ====


;IT Security Manager - Process Owner
{|
:The IT Security Manager is responsible for ensuring the confidentiality, integrity and availability of an organization’s assets, information, data and IT services.
| valign="top" |
:He is usually involved in an organizational approach to Security Management which has a wider scope than the IT service provider, and includes handling of paper, building access, phone calls etc., for the entire organization.
Use the following links to open the process overview of Information Security Management showing the most important interfaces:


* [[Media:Itil-security-management.jpg|ITIL Security Management (.JPG)]]
* [https://wiki.en.it-processmaps.com/images/pdf/process_overview_it_security_management_itilv3.pdf ITIL Security Management (.PDF)]''
| valign="top" |
[[Image:Itil-security-management.jpg|thumb|150px|left|none|alt=ITIL Security Management|Information Security Management at a glance]]
|-
|}




<i><small>[[Main Page|Home]] > [[ITIL Processes]] > [[ITIL V3 Service Design|Service Design]] > [[IT Security Management|IT Security Management]]</small></i>


<!-- This page is assigned to the following categories: -->
<!-- This page is assigned to the following categories: -->
[[Category:ITIL V3]][[Category:ITIL process]][[Category:Service Design|IT Security Management]][[Category:IT Security Management|!]]
[[Category:ITIL V3]][[Category:ITIL process]][[Category:Service Design|Information Security Management]][[Category:Information Security Management|!]]
<!-- --- -->
<!-- --- -->
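Review bot: the trailing `''` after the PDF download link (`... ITIL Security Management (.PDF)]''`) is an unmatched italic marker carried over from the previous revision and should be dropped. Two further markup points in the same hunk: the thumbnail in the Downloads table passes both `left` and `none` as alignment parameters, which conflict, so keep only one; and the heading levels jump from `== Downloads ==` and `== Additional Information ==` straight to level-4 subheadings (`==== Overview ITIL Security Management ====`, `==== ITIL KPIs ====`, `==== ITIL Roles ====`), skipping level 3.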

Revision as of 17:12, 2 September 2011




Information Security Management

Information Security Management aims to ensure the confidentiality, integrity and availability of an organization's information, data and IT services. Information Security Management usually forms part of an organizational approach to security management which has a wider scope than the IT Service Provider.

Part of: Service Design

Process Owner: Information Security Manager


Process: Information Security Management

[Image: ITIL Security Management process overview]

ITIL V2 provided guidance on Security Management in a separate book. ITIL V3 treats Information Security Management as part of the Service Design core volume, resulting in a better integration of this process into the Service Lifecycle. The process was updated to account for new security concerns.

The following sub-processes are part of ITIL Security Management:

Sub-Processes

Design of Security Controls
Process Objective: To design appropriate technical and organizational measures in order to ensure the confidentiality, integrity, security and availability of an organization's assets, information, data and services.
Security Testing
Process Objective: To make sure that all security mechanisms are subject to regular testing.
Management of Security Incidents
Process Objective: To detect and fight attacks and intrusions, and to minimize the damage incurred by security breaches.
Security Review
Process Objective: To review if security measures and procedures are still in line with risk perceptions from the business side, and to verify if those measures and procedures are regularly maintained and tested.


ITIL Terms: Information Security Management

Availability/ ITSCM/ Security Testing Schedule
A schedule for the regular testing of all availability, continuity and security mechanisms, jointly maintained by Availability, IT Service Continuity and Information Security Management.
Information Security Policy
The main Information Security Policy contains an outline of the approach to ensure the security of IT services and systems. It is typically complemented by a set of more specific underpinning policies, e.g. policies on e-mail usage or remote system access. The Information Security Policy includes a list of security-related risks and existing or planned Security Controls to address those risks.
Information Security Report
The Information Security Report provides other Service Management processes and IT Management with information related to Information Security issues.
Security Advisories
A list of known security vulnerabilities compiled from input by third-party product suppliers. The list contains instructions for preventive measures and for the handling of security breaches once they occur.
Security Alert
A warning produced by Information Security Management, typically released when outbreaks of security threats are foreseeable or already under way. The aim is to make sure that users and IT staff are able to identify any attacks and take appropriate precautions.
Security Management Information System (SMIS)
A virtual repository of all Information Security Management data, usually stored in multiple physical locations.
Test-Report
A report of the preparation, progress and evaluation of a test, created for example during the various tests carried out by Availability, IT Service Continuity or Information Security Management.
Underpinning Information Security Policy
Underpinning Information Security Policies are specific policies complementing the main Information Security Policy by setting binding rules for the use of systems and information as well as for the use and delivery of services, with the aim of improving information security.


Additional Information

ITIL KPIs

ITIL Roles

Information Security Manager - Process Owner
The Information Security Manager is responsible for ensuring the confidentiality, integrity and availability of an organization’s assets, information, data and IT services.
He is usually involved in an organizational approach to Security Management which has a wider scope than the IT service provider, and includes handling of paper, building access, phone calls etc., for the entire organization.


Downloads

Overview ITIL Security Management

Use the following links to open the process overview of Information Security Management showing the most important interfaces:

[Image: Information Security Management at a glance]