Posted: Sun Oct 01, 2006 7:39 pm Post subject: Availability + Security
As most of us are aware, ITIL v2 does not have a Security Management process; I have been informed that this will be part of ITIL v3.
I've been taught that Security Management is part of Availability Management.
- Does anyone have any thoughts that can support that fact? Please explain some?
- In case we agree on the above, can someone tell how availability management (as a support for security) can protect against security threats, i.e. a website hack?
Indeed we can clearly see "Security Management" in the graph from the ITSMF booklet... But if we dig within the same booklet we won't find any chapter about Security Management. While we can find Security as an Element of Availability Management (page 65).
So yes, Security Management is part of Availability Management.
You are right, BS7799 handles all aspects of security but I wanted to know how this is handled with ITIL.
I am not trying to play the smart guy here, but my question was in reference to a question that was part of a previous Service Manager exam (I do not know which one); it was referred to me by a friend since I am currently preparing to sit for my Service Manager exam early next month.
Joined: Sep 16, 2006 Posts: 3437 Location: London, UK
Posted: Mon Oct 02, 2006 4:52 am Post subject:
Bonk.. Ouch... that hurts
You are right.
OK How would ITIL handle security.
OK let us look from all the support disciplines
Any security event could be an incident or a Major Incident
A recurring event could be a candidate for Problem Mgmt - problem or error control
In order to fix the security issue, a RFC has to be raised
Pushing out the fix after the required Build/Test
Having the details about the software version, IP ranges, software...
poor sods.. they have to get the monitoring alerts, customer complaints, and create all the incident tickets
Any security issue can affect the Availability of Service
Service Level MGMT
Any SLA should have a clause for emergency patching, network protocols and ports open (relevant to the particular service of course)
Will the security concerns adversely affect the capacity of IT to provide services.
Continuity (Disaster Recovery)
need I say more.... a Security breach may force you to activate your DR site
Cost of the security breach or the fix to prevent it if it has not occurred
This I think is more what you want
_________________
John Hardesty
ITSM Manager's Certificate (Red Badge)
Change Management is POWER & CONTROL. /....evil laughter
Joined: Aug 11, 2006 Posts: 262 Location: Netherlands
Posted: Mon Oct 02, 2006 6:43 am Post subject:
Actually, a separate book on security management was published by CCTA/OGC in 1999. I think it was somewhere in between ITIL1 and ITIL2 that this was published. For years, it has been debated whether it was a full part of service delivery. It has in my opinion always "stood apart".
Book ISBN: 011330014X
CD ISBN: 0113309422
Online Subscription Code: 7003152
Date Published: 20 April 1999