What is ITIL Security Management (ISM)?
Security Management is an integral part of the other IT disciplines. It has both a business and service focus. Through the execution of the processes, the organization will meet regulatory agency requirements, such as Sarbanes-Oxley, FDIC, GDPR, SEC and/or HIPAA.
Using the ITIL Security Management process framework provides common, well-understood concepts and terminology so people clearly understand the reasons behind the security policies and procedures, as well as potential risk to the organization if they are not observed and followed. All organizational information is evaluated, risks assessed, and appropriate policies to control access and dissemination put in place.
Process Components
The ITIL Security Management process includes these components:
CONTROL
Which includes:
- Policies
- Organization
- Reporting
PLAN
Which includes:
- SLA section
- Underlying contracts
- OLA section
- Reporting
IMPLEMENT
Which includes:
- Classifications
- Personnel security
- Security policies
- Access controls
- Reporting
EVALUATE
Which includes:
- Self-assessment
- External Audit
- Internal Audit
- Assessment as result of security incident
- Reporting
MAINTAIN
Which includes:
- SLA sections
- OLA sections
- Requests for changes, additions, deletions
- Reporting