Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
· Home
· Content
· Feedback
· News
· Search
· Statistics
· Surveys
· Top
· Topics
· Web Links
· Your_Account


The five ITIL books can be obtained directly from the publisher's website:

Or as downloadable PDFs: HERE

Current Membership

Latest: InesDaig
New Today: 40
New Yesterday: 34
Overall: 231612

People Online:
Visitors: 142
Members: 0
Total: 142



Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

Related Resources

Service related resources
Service Level Agreement

How to set up
IT Change Management
Process Info-Graphic

NOTE: ITIL is a registered trademark of OGC. This portal is totally independent and is in no way related to them. See our Feedback Page for more information.


Select Interface Language:

Please contact us via the feedback page to discuss advertising rates.

The Itil Community Forum: Forums

ITIL :: View topic - ITIL and Information Security
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

ITIL and Information Security

Post new topic   Reply to topic    ITIL Forum Index -> ITIL Discussion
View previous topic :: View next topic  
Author Message

Joined: Aug 30, 2005
Posts: 3

PostPosted: Mon Sep 05, 2005 5:57 pm    Post subject: ITIL and Information Security Reply with quote


I am currently working on a project that deals with the relation of ITIL and Information security. Need some help regarding a few concepts.

The client of mine has performed an Information Risk Assessment of all the IT assets in the organization. As a part of the Risk Assessment the following was performed:

1. Asset Identification & Valuation
2. Threat Identification
3. Vulnerability Identification
4. Controls Assessement & Measure of risk
5. Risk treatment and remediation plan
6. Contionious monitoring

The Information security directorate plays the oversight role for all these activities. Each of these activities is performed by seperate departments. For instance, Asset identification, valuation and vulnerability identification would be carried out by the system/ asset owner. Any new vulnerability to be patchd up would be done by the IT department (system admins. etc.)

The client wants us to develop SLA/OLA/UC with the various parties involved so that each of these parties/ teams can be monitored effectively.

Also, could anyone help me out with the relationship of ITIL and security. I am aware that IT Security Management is one of the sections in ITIL. But am not able to draw up a picture of the same.

Warm regards,

Back to top
View user's profile
Senior Itiler

Joined: Oct 06, 2004
Posts: 77
Location: Bloomington, IL

PostPosted: Sat Oct 08, 2005 5:08 am    Post subject: Reply with quote

Security is best seen as an umbrella that applies to all of ITIL. It really is a sister discipline to Service Level Management-both are the glue that hold the framework together. All activities in IT (not just Information or data) require consideration of Security.

As far as the SLA question, you might consider approaching it from a supply chain perspective. Each item in your list is a process step. Someone must perform the steps. Thus each step is really a service in the delivery of Information Security. Now you have services identified; you can write OLAs between each process/service owner and their receiver in the supply chain. The sum of the OLAs then make up your SLA for Information Security.

You might want to refer to the Business Perspective (Purple) book for more information on building a service/supply chain.

Hope this helps!

Back to top
View user's profile Send e-mail MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    ITIL Forum Index -> ITIL Discussion All times are GMT + 10 Hours
Page 1 of 1

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.8 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops 2003

Forums ©


Logos/trademarks property of respective owner. Comments property of poster. Rest 2004 Itil Community for Service Management & Foundation Certification. SV
Site source copyright (c)2003, and is Free Software under the GNU / GPL licence. All Rights Are Reserved.