Search
Topics
  Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· FAQ
· Feedback
· Forums
· Search
· Statistics
· Surveys
· Top
· Topics
· Web Links
· Your_Account

Current Membership

Latest: MVallecil
New Today: 39
New Yesterday: 81
Overall: 143458

People Online:
Visitors: 68
Members: 1
Total: 69 .

Languages
Select Interface Language:


Major ITIL Portals
For general information and resources, ITIL and ITSM World is the most well known for both ITIL and ITIL Books. A shorter snapshot approach can be found at ITIL Zone

Related Resources
Service related resources
Service Level Agreement
Outsourcing

Note: ITIL is a registered trademark of OGC. This portal is totally independent and is in no way related to them. See our Feedback Page for more information.


The Itil Community Forum: Forums

ITIL :: View topic - Security vulnerability
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Security vulnerability

 
Post new topic   Reply to topic    ITIL Forum Index -> ITIL Discussion
View previous topic :: View next topic  
Author Message
tolman101
Itiler


Joined: Sep 26, 2005
Posts: 44
Location: Sweden

PostPosted: Wed Apr 10, 2013 12:00 am    Post subject: Security vulnerability Reply with quote

Hello!

It's been a while since I was on the site having been working in a non-process role the last few years. Now I'm back in the ITIL world and working to develop the Transition and Operational processes. This company is in many respects different from any other I have worked with before. Public sector and Swedish as the business language are two big differences.

Anyway on to my issue. The business information security department run an analysis on the providers network every so often and discover vulnerabilities in the infrastructure. An example may be that we are not running the latest firmware software on our servers. This would involve a rollout across the network through the Release and Deployment processes and the work done by the architecture group. My question is what would be the correct routine for processing these vulnerabilities?

One option we have discussed is contact to the SD resulting in a problem record to problem management. Problem management would then be responsible for ensuring that the issue is resolved.

Interested to hear others thoughts though.

Matt
Back to top
View user's profile
UKVIKING
Senior Itiler


Joined: Sep 16, 2006
Posts: 3305
Location: London, UK

PostPosted: Wed Apr 10, 2013 4:01 pm    Post subject: Reply with quote

Tolmam101

If it goes though the Change & Relase mgmt process.. then that is the way to go

As to a problem record... why ? A problem record is for something that is unknown underlying root cause

This is Run & Maintain..... activity that require C&RM Process
_________________
John Hardesty
ITSM Manager's Certificate (Red Badge)

Change Management is POWER & CONTROL. /....evil laughter
Back to top
View user's profile
KenLuo
Senior Itiler


Joined: Nov 03, 2012
Posts: 55
Location: Singapore

PostPosted: Thu Apr 11, 2013 5:34 pm    Post subject: Reply with quote

It should go through Change Management process, Release and Deployment.
_________________
Luo, Tian-Hong (Ken)
Regional Operation Lead

ITIL Expert Certified
Back to top
View user's profile
Display posts from previous:   
Post new topic   Reply to topic    ITIL Forum Index -> ITIL Discussion All times are GMT + 10 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.8 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops 2003 http://www.nukecops.com

Forums ©

 

Logos/trademarks property of respective owner. Comments property of poster. Rest 2004 Itil Community for Service Management & Foundation Certification. SV
Site source copyright (c)2003, and is Free Software under the GNU / GPL licence. All Rights Are Reserved.