ITIL Security Management

Security Management is an integral part of the other IT disciplines. It has both a business and service focus. Through the execution of the processes, the organization will meet regulatory agency requirements, such as Sarbanes-Oxley, FDIC, SEC and/or HIPAA.

Using the ITIL Security Management process framework provides common, well-understood concepts and terminology so people clearly understand the reasons behind the security policies and procedures, as well as potential risk to the organization if they are not observed and followed. All organizational information is evaluated, risks assessed, and appropriate policies to control access and dissemination put in place.

The ITIL Security Management process includes these components:

Control

• Policies
• Organization
• Reporting

Plan

• SLA section
• Underlying contracts
• OLA section
• Reporting

Implement

• Classifications
• Personnel security
• Security policies
• Access controls
• Reporting

Evaluate

• Self-assessment
• External Audit
• Internal Audit
• Assessment as result of security incident
• Reporting

Maintain

• SLA sections
• OLA sections
• Requests for changes, additions, deletions
• Reporting

Security management is one of the few ITIL areas not touched by TeamQuest solutions. However, TeamQuest does provide an option for securing network communications between its components.

For more information, you may find it useful to visit Wikipedia. Please know that TeamQuest in no way controls the content found there.