Security Management - Information Technology Infrastructure Library Concept - Itil

Security management - Information Technology Infrastructure Library Concept

Objectives and Basic concepts -

Security Management: Protection of any IT function or data from unauthorized access, minimize security exposure or vulnerability, reduce impact of security breaches, and develop security policies that can be implemented by Availability Management.

Security management: Important terms include Confidentiality, Availability and Integrity of data.

Confidentiality: protection of data against unauthorized use and access.

Integrity: completeness and accuracy of data, meaning no compromise on the data used by the business.

Availability: Information should be readily available at any agreed time.

Security mgmt focuses on:

Meeting security requirements as per the SLA, external security requirements and regulations

Providing a basic level of internal security in an organization

Benefits of Security management in industry

By implementing security mgmt, an organization can achieve internal security which could further help in effectively performing the operations

Providing external security will enable higher customer satisfaction

Help in continuity of an organization

Activities in the Security mgmt process that you should know

Planning (defining objectives of security mgmt in consultation with SLM)--> Implement (classifying IT resources, access control etc) -->Evaluate (evaluating the implemented plan, verifying compliance) -->Maintenance (maintaining the security plan in accordance with the SLA) -->Reporting (to provide information about achieved security performance and informing customers about the security issues)

Costs and problems associated with implementing effective security management in a company

Personnel, hardware, software and operational costs

Lack of commitment from senior management and its employees

Lack of awareness and training among the personnel of the company to perform under the guidelines of effective security management

Incident Management

Again, here we review the important aspects of Incident management which is yet another important aspect of ITSM. Please bear in mind that these days more and more case type questions are being asked about Incident, problem and Change management in the ITIL certification exams. These three areas are completely different though sometimes a person can confuse between the three. Please check other processes too for better explanation and clarification.

Objectives and Basic concepts

Incident: Any event which is not a pert of standard operation of a service and which causes