IT Security Management

From IT Process Wiki
Revision as of 18:51, 15 December 2007 by Andrea (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
diese Seite auf Deutsch

ITIL Version: ITIL Version 3 (ITIL V3)

Process Objective: To ensure the confidentiality, integrity and availability of an organisation's information, data and IT services. Information Security Management usually forms part of an organisational approach to security management which has a wider scope than the IT Service Provider.

Part of: Service Design

Process Owner: IT Security Manager


ITIL V3 vs. ITIL V2: IT Security Management

  • ITIL V2 provided guidance on IT Security Management in a separate book
  • ITIL V3 treats IT Security Management as part of the Service Design core volume, resulting in a better integration of this process into the Service Lifecycle
  • The process was updated to account for new security concerns


Sub-Processes of IT Security Management (ITIL V3)

Overview of the IT Security Management Process, ITIL V3 (.pdf)
Design of Security Controls
Process Objective: To design appropriate technical and organizational measures in order to ensure the confidentiality, integrity, security and availability of an organization's assets, information, data and services.
Security Testing
Process Objective: To make sure that all security mechanisms are subject to regular testing.
Management of Security Incidents
Process Objective: To detect and fight attacks and intrusions, and to minimize the damage incurred by security breaches.
Security Review
Process Objective: To review if security measures and procedures are still in line with risk perceptions from the business side, and to verify if those measures and procedures are regularly maintained and tested.



Roles within IT Security Management (ITIL V3)

Retrieved from "https://wiki.en.it-processmaps.com/index.php?title=IT_Security_Management&oldid=1546"