Service Design, Information Security management in ITIL, ITIL Course
Service Design
Information Security management
Introduction
Availability is for those who are granted access to the information. This information should be secure and protected to maintain authenticity.
Purpose and Objectives
The purpose of Information Security Management is to align IT security with business security and ensure that information security is effectively managed in all service and IT Service Management activities.
Information Security Management (ISM) ensures that:
• an Information Security Policy is implemented, maintained and enforced that fulfills the needs of the Business Security policy and the requirements of corporate governance.
• awareness of the need for security within all IT services and assets is properly raised.
• the Information Security Policy is appropriate for the needs of the organization.
• all aspects of IT and information security within all areas of IT and Service Management activity are managed.
The objectives of Information Security Management are met when the following are properly managed:
• Availability: Information is available and usable when required.
• Confidentiality: Information is observed by or disclosed to only those who have a right to know.
• Integrity: Information is complete, accurate and protected against unauthorized modification.
• Authenticity and Non-repudiation: Business transactions, as well as information exchanges between enterprises or with partners, can be trusted.
• Security Baselines: The security level adopted by the IT organization for its own security and from the point of view of “due diligence”. It would be possible to have multiple baselines.
Scope
The information security management process should be the focal point for all IT security issues, and must ensure that an information security policy is produced, maintained and enforced that covers the use and misuse of all IT systems and services.
The information security management process should include:
• The production, maintenance, distribution and enforcement of an information security policy and supporting security policies
• Understanding the agreed current and future security requirements of the business and the existing business security policy and plans
• Implementation of a set of security controls that support the information security policy and manage risks associated with access to services, information and systems
• Documentation of all security controls, together with the operation and maintenance of the controls and their associated risks
• Management of suppliers and contracts regarding access to systems and services, in conjunction with supplier management
• Management of all security breaches, incidents and problems associated with all systems and services
• The proactive improvement of security controls, and security risk management and the reduction of security risks
• Integration of security aspects within all other ITSM processes.
Information Security Policy
Information Security Management should be driven by an Information Security Policy and a set of underpinning specific security policies.
The policy should cover all areas of security, meet the needs of the business and include the following:
• An overall Information Security Policy
• Use and misuse of IT assets policy
• An access control policy
• A password control policy
• An e-mail policy
• An internet policy
• An anti-virus policy
• An information classification policy
• A document classification policy
• A remote access policy
• A policy with regard to supplier access of IT service, information and components
• An asset disposal policy
These policies should be widely available to all customers and users and their compliance should be referred to in all SLRs, SLAs, contracts and agreements.
Roles
An Information Security Manager is responsible for ensuring that the aims of Information Security Management are met.
The responsibilities of an Information Security Manager include:
• The achievement of the process goals.
• Development, communication, maintenance and enforcement of the Information Security Policy.
• Assisting in Business Impact Analysis.
• Security Risk Management is performed in conjunction with Availability and IT Service Continuity Management.
More details on the roles of Information Security Manager:
• Develop and maintain the Information Security Policy.
• Communicate and publicize the Information Security Policy to other parties.
• Identify and classify IT and information assets.
• Assist with Business Impact Analyses.
• Perform security risk analysis and risk management.
• Design security controls and develop security plans.
• Monitor and manage all security breaches.
• Report, analyze and reduce the impact and volumes of all security incidents.
• Promote education and awareness of security.
• Ensure all changes are assessed for impact on all security aspects.
• Perform security tests.
• Participate in security reviews.
• Maintain the integrity, confidentiality and availability of services.
• Ensure access to services by external partners and suppliers is subject to contractual agreement.
• Act as a focal point for all security issues.
What is the basic concept of ITIL?
ITIL defines a lifecycle for Service Management that allows us to consider the services in a global way: rationale, design, construction, testing, deployment, upgrade, and removal. The phases of the lifecycle are the following: Strategy: Promotes the vision of Service Management as a strategic asset.
What is ITIL certification?
ITIL is a global framework designed to help improve customer experience. Learn what is ITIL certification, benefits of certification and how to get certified. ITIL is a global framework of best practices for IT service management focused on reducing risk, improving customer relations, and supporting IT environments.