IT Security Management

From IT Process Wiki
Revision as of 11:28, 13 July 2011 by Andrea




ITIL IT Security Management: Overview

Process Objective: To ensure the confidentiality, integrity and availability of an organisation's information, data and IT services. Information Security Management usually forms part of an organisational approach to security management which has a wider scope than the IT Service Provider.

Part of: Service Design

Process Owner: IT Security Manager


IT Security Management: Process Definition


ITIL V2 provided guidance on IT Security Management in a separate book. ITIL V3 treats IT Security Management as part of the Service Design core volume, resulting in a better integration of this process into the Service Lifecycle. The process was updated to account for new security concerns.

The following sub-processes are part of ITIL Security Management:

Sub-Processes

Design of Security Controls
Process Objective: To design appropriate technical and organizational measures in order to ensure the confidentiality, integrity, security and availability of an organization's assets, information, data and services.
Security Testing
Process Objective: To make sure that all security mechanisms are subject to regular testing.
Management of Security Incidents
Process Objective: To detect and fight attacks and intrusions, and to minimize the damage incurred by security breaches.
Security Review
Process Objective: To review if security measures and procedures are still in line with risk perceptions from the business side, and to verify if those measures and procedures are regularly maintained and tested.


ITIL Terms: IT Security Management

Availability/ITSCM/Security Testing Schedule
A schedule for the regular testing of all availability, continuity and security mechanisms, jointly maintained by Availability, IT Service Continuity and IT Security Management.
IT Security Policy
IT Security Policies set binding rules for the use of services and systems with the aim of improving IT security.
IT Security Report
The IT Security Report provides other Service Management processes and IT Management with information related to IT Security issues.
IT Security Strategy
The IT Security Strategy contains an outline of the approach to ensure the security of IT services and systems. It includes a list of security-related risks and existing or planned Security Controls to address those risks.
Security Advisories
A list of known security vulnerabilities compiled from input by third-party product suppliers. The list contains instructions for preventive measures and for the handling of security breaches once they occur.
Security Alert
A warning produced by IT Security Management, typically released when outbreaks of security threats are foreseeable or already under way. The aim is to make sure that users and IT staff are able to identify any attacks and take appropriate precautions.
Security Management Information System
A virtual repository of all IT Security Management data, usually stored in multiple physical locations.
Test Report
A report of the preparation, progress and evaluation of a test, created for example during the various tests carried out by Availability, IT Service Continuity or IT Security Management.

Additional Information on IT Security Management

ITIL KPIs


ITIL Roles in IT Security Management

IT Security Manager - Process Owner
The IT Security Manager is responsible for ensuring the confidentiality, integrity and availability of an organization's assets, information, data and IT services.
The IT Security Manager is usually involved in an organizational approach to Security Management which has a wider scope than the IT service provider and includes, for the entire organization, the handling of paper documents, building access, phone calls, etc.

