The Itil Community Forum: Forums

ITIL :: View topic - ITIL and Information Security

ITIL and Information Security

 
sundareshwark
Newbie


Joined: Aug 30, 2005
Posts: 3

Posted: Mon Sep 05, 2005 5:57 pm    Post subject: ITIL and Information Security

Hi,

I am currently working on a project that deals with the relation of ITIL and Information security. Need some help regarding a few concepts.

The client of mine has performed an Information Risk Assessment of all the IT assets in the organization. As a part of the Risk Assessment the following was performed:

1. Asset Identification & Valuation
2. Threat Identification
3. Vulnerability Identification
4. Controls Assessment & Measure of risk
5. Risk treatment and remediation plan
6. Continuous monitoring

The Information security directorate plays the oversight role for all these activities. Each of these activities is performed by separate departments. For instance, Asset identification, valuation and vulnerability identification would be carried out by the system/asset owner. Any new vulnerability to be patched up would be done by the IT department (system admins, etc.)

The client wants us to develop SLA/OLA/UC with the various parties involved so that each of these parties/teams can be monitored effectively.

Also, could anyone help me out with the relationship of ITIL and security. I am aware that IT Security Management is one of the sections in ITIL. But am not able to draw up a picture of the same.

Warm regards,

Sundar
mcardinal
Senior Itiler


Joined: Oct 06, 2004
Posts: 77
Location: Bloomington, IL

Posted: Sat Oct 08, 2005 5:08 am

Security is best seen as an umbrella that applies to all of ITIL. It really is a sister discipline to Service Level Management - both are the glue that holds the framework together. All activities in IT (not just Information or data) require consideration of Security.

As far as the SLA question, you might consider approaching it from a supply chain perspective. Each item in your list is a process step. Someone must perform the steps. Thus each step is really a service in the delivery of Information Security. Now you have services identified; you can write OLAs between each process/service owner and their receiver in the supply chain. The sum of the OLAs then makes up your SLA for Information Security.

You might want to refer to the Business Perspective (Purple) book for more information on building a service/supply chain.

Hope this helps!

Michael
All times are GMT + 10 Hours