Note: ITIL is a registered trademark of OGC. This portal is totally independent and is in no way related to them. See our Feedback Page for more information.


The Itil Community Forum: Forums

ITIL :: View topic - Availability + Security

Availability + Security

 
Ziad
Senior Itiler


Joined: Sep 27, 2006
Posts: 91

Posted: Sun Oct 01, 2006 7:39 pm    Post subject: Availability + Security

As most of us are aware, ITIL v2 does not have a Security Management process; I have been informed that this will be part of ITIL v3.

I've been taught that Security Management is part of Availability Management.
- Does anyone have any thoughts that can support that fact? Please explain some?
- In case we agree on the above, can someone tell how availability management (as a support for security) can protect against security threats, i.e. a website hack?

Thanks,
Z!
UKVIKING
Senior Itiler


Joined: Sep 16, 2006
Posts: 3312
Location: London, UK

Posted: Mon Oct 02, 2006 12:43 am    Post subject:

Funny

I see Security Management as a separate process set covering Service Support Delivery, ICT Infrastructure & Application Management

The graphic from itSMF pocketbook IT Security Management shows that

BS7799 is another standard for this endeavour.

Or are you talking about specific threats or setup

If you are talking about a hack attack or an exploit, it is an Incident - solved by a Change to the environment

SQL Slammer worm patch from Microsoft prevents the worm from working
Cisco IOS vulnerability patch prevents exploits
Periodic MS patches fixing holes.

If you are talking about what ports/protocols the specific network groups should block, allow, etc., that is a business decision, not an ITIL or any other process decision.

What ITIL and the other processes should do is help you write the processes, review them, evaluate and enforce them.
_________________
John Hardesty
ITSM Manager's Certificate (Red Badge)

Change Management is POWER & CONTROL. /....evil laughter
Ziad
Senior Itiler


Joined: Sep 27, 2006
Posts: 91

Posted: Mon Oct 02, 2006 1:20 am    Post subject:

Indeed we can clearly see "Security Management" in the graph from the ITSMF booklet... But if we dig within the same booklet we won't find any chapter about Security Management, while we can find Security as an Element of Availability Management (page 65).
So yes, Security Management is part of Availability Management.

You are right, BS7799 handles all aspects of security, but I wanted to know how this is handled with ITIL.

I am not trying to play the smart guy here, but my question was in reference to a question that was part of a previous Service Manager exam (I do not know which one); it was referred to me by a friend, since I am currently preparing to sit for my Service Manager exam early next month.

Cheers,
Z!
UKVIKING
Senior Itiler


Joined: Sep 16, 2006
Posts: 3312
Location: London, UK

Posted: Mon Oct 02, 2006 4:52 am    Post subject:

Bonk.. Ouch... that hurts

You are right.

OK. How would ITIL handle security?

OK, let us look from all the support disciplines.

Service Support
- Incident Mgmt: Any security event could be an incident or a Major Incident
- Problem Mgmt: A recurring event could be a candidate for Problem Mgmt - problem or error control
- Change Mgmt: In order to fix the security issue, an RFC has to be raised
- Release Mgmt: Pushing out the fix after the required Build/Test
- Configuration Mgmt: Having the details about the software version, IP ranges, software...
- Service Desk: poor sods.. they have to get the monitoring alerts, customer complaints, and create all the incident tickets

Service Delivery
- Availability: Any security issue can affect the Availability of Service
- Service Level Mgmt: Any SLA should have a clause for emergency patching, network protocols and ports open (relevant to the particular service of course)
- Capacity: Will the security concerns adversely affect the capacity of IT to provide services.
- Continuity (Disaster Recovery): need I say more.... a Security breach may force you to activate your DR site
- Financial: Cost of the security breach or the fix to prevent it if it has not occurred

This I think is more what you want
_________________
John Hardesty
ITSM Manager's Certificate (Red Badge)

Change Management is POWER & CONTROL. /....evil laughter
m_croon
Senior Itiler


Joined: Aug 11, 2006
Posts: 262
Location: Netherlands

Posted: Mon Oct 02, 2006 6:43 am    Post subject:

Actually, a separate book on security management was published by CCTA/OGC in 1999. I think it was somewhere in between ITIL1 and ITIL2 that this was published. For years, it has been debated whether it was a full part of service delivery. It has in my opinion always "stood apart".

Book ISBN: 011330014X
CD ISBN: 0113309422
Online Subscription Code: 7003152
Date Published: 20 April 1999
Ziad
Senior Itiler


Joined: Sep 27, 2006
Posts: 91

Posted: Mon Oct 02, 2006 4:55 pm    Post subject:

Thank you John,
Very helpful as usual.

Z!