Security Management

    Security Management is an integral part of the other IT disciplines. It has both a business and service focus. Through the execution of the processes, the organization will meet regulatory agency requirements, such as Sarbanes-Oxley, FDIC, SEC and/or HIPAA.

    Using the ITIL Security Management process framework provides common, well-understood concepts and terminology so people clearly understand the reasons behind the security policies and procedures, as well as potential risk to the organization if they are not observed and followed. All organizational information is evaluated, risks assessed, and appropriate policies to control access and dissemination put in place.

    The ITIL Security Management process includes these components:

    CONTROL

    • Policies
    • Organization
    • Reporting

    PLAN

    • SLA section
    • Underlying contracts
    • OLA section
    • Reporting

    IMPLEMENT

    • Classifications
    • Personnel security
    • Security policies
    • Access controls
    • Reporting

    EVALUATE

    • Self-assessment
    • External Audit
    • Internal Audit
    • Assessment as result of security incident
    • Reporting

    MAINTAIN

    • SLA sections
    • OLA sections
    • Requests for changes, additions, deletions
    • Reporting

    Security management is one of the few ITIL areas not touched by TeamQuest solutions. However, TeamQuest does provide an option for securing network communications between its components.

    For more information, you may find it useful to visit Wikipedia. Please know that TeamQuest in no way controls the content found there.