itSM Solutions®
DITY™ Newsletter
Reprint
This is a reprint of an itSM Solutions® DITY™ Newsletter. Our members receive our weekly DITY Newsletter, and
have access to practical and often entertaining articles in our archives. DITY is the newsletter for IT professionals
who want a workable, practical guide to implementing ITIL best practices -- without the hype.

become a member
(It's Free. Visit http://www.itsmsolutions.com/newsletters/DITY.htm)

Publisher
itSM Solutions™ LLC
31 South Talbert Blvd #295
Lexington, NC 27292
Phone (336) 510-2885
Fax (336) 798-6296
Find us on the web at: http://www.itsmsolutions.com.
To report errors please send a note to the editor, Hank Marquis at hank.marquis@itsmsolutions.com
For information on obtaining copies of this guide contact: sales@itsmsolutions.com
Copyright © 2006 Nichols-Kuhn Group. ITIL Glossaries © Crown Copyright Office of Government Commerce. Reproduced with the
permission of the Controller of HMSO and the Office of Government Commerce.
Notice of Rights / Restricted Rights Legend
All rights reserved. Reproduction or transmittal of this guide or any portion thereof by any means whatsoever without prior written permission of
the Publisher is prohibited. All itSM Solutions products are licensed in accordance with the terms and conditions of the itSM Solutions Partner
License. No title or ownership of this guide, any portion thereof, or its contents is transferred, and any use of the guide or any portion thereof
beyond the terms of the previously mentioned license, without written authorization of the Publisher, is prohibited.
Notice of Liability
This guide is distributed "As Is," without warranty of any kind, either express or implied, respecting the content of this guide, including but not
limited to implied warranties for the guide's quality, performance, merchantability, or fitness for any particular purpose. Neither the authors, nor
itSM Solutions LLC, its dealers or distributors shall be liable with respect to any liability, loss or damage caused or alleged to have been caused
directly or indirectly by the contents of this guide.
Trademarks
itSM Solutions is a trademark of itSM Solutions LLC. Do IT Yourself™ and DITY™ are trademarks of Nichols-Kuhn Group. ITIL ® is a
Registered Trade Mark, and a Registered Community Trade Mark of the Office of Government Commerce, and is registered in the U.S. Patent
and Trademark Office, and is used here by itSM Solutions LLC under license from and with the permission of OGC (Trade Mark License No.
0002). IT Infrastructure Library ® is a Registered Trade Mark of the Office of Government Commerce and is used here by itSM Solutions LLC
under license from and with the permission of OGC (Trade Mark License No. 0002). Other product names mentioned in this guide may be
trademarks or registered trademarks of their respective companies.
11 Ways ITIL Improves Security

Vol. 2.37
SEPTEMBER 20, 2006

"11 Ways ITIL Improves Security"
DITY Weekly Reader: The workable, practical guide to Do IT Yourself

ITIL improves security governance. ITIL makes security easier and
more controlled, thus making it easier to comply with regulations like
Sarbanes-Oxley, HIPAA, FISMA, GLBA, NIST 800-53/FIPS200, FFIEC,
and others.

http://www.itsmsolutions.com/newsletters/DITYvol2iss37.htm (1 of 4)9/19/2006 10:25:19 AM
11 Ways ITIL Improves Security

By Hank Marquis

The IT Infrastructure Library® (ITIL®) is best practice. We all know ITIL
describes what to do, not how to do it. The descriptive nature of ITIL leads
many to wonder what benefits ITIL delivers, if any.
However, without too much thought, anyone familiar with a particular industry
or IT segment can soon understand how ITIL best practices can assist virtually
any operational aspect of IT.


Let's examine security, for example. How can ITIL best practices help with the
day-to-day workings of security?

The ITIL has a dedicated book for security, and includes security as a fabric within the
Service Support and Service Delivery books. The ITIL focuses on the process of
implementing security requirements identified in Service Level Agreements.
However, as always, the ITIL is descriptive and not prescriptive. Below, I show at least 11
ways ITIL can improve or assist in security, and give you a 9-step plan for improving security
using ITIL.

Security and ITIL
ITIL describes a Security Management function (e.g., a group, like Service Desk) that interfaces
with other ITIL processes regarding security issues. These issues relate predominantly to the
Confidentiality, Integrity and Availability of data, as well as the security of hardware and software
components, documentation and procedures.
Virtually every organization faces some form of oversight and regulation. We have all heard of
Sarbanes-Oxley, but there are many, many more: HIPAA, FISMA, GLBA, COBIT, NIST 800-53/FIPS200,
FFIEC, and others.
There are at least five areas to consider when thinking about security and ITIL:
1. The process of security management
2. The relationships between security and the other ITIL processes
3. External relationships as defined in Underpinning Contracts (UCs)
4. Customer-facing requirements as defined in Service Level Agreements (SLAs)
5. Internal relationships between functional organizations as defined in Operating Level Agreements (OLAs)

Here are some easy ways the best practices in ITIL can improve how IT organizations implement
and manage information security in response to regulations.
1. Security requires audits, and regardless of the regulatory environment, IT must support audits. Audits require documentation, process control, and clear roles, responsibilities, and authorities. ITIL process descriptions provide the basis for sound audits.
2. Security requires control over assets. To control assets you must know what you have, where it's located, and who can access it. This basis comes directly from ITIL Configuration Management.
3. Most regulation, including HIPAA and SOX, requires analysis and documentation of changes made to IT systems. Change Management is where those assurances are provided: it can perform risk analysis, business impact analysis, and security analysis from a centralized perspective.
4. Security management requires an incident category specifically for security-related incidents. The ITIL Incident Management process provides the control and flexibility required to manage security incidents quickly and efficiently without a duplicate organization.
5. Security Incidents require review by security management. Having a single point of contact for all matters relating to IT, the ITIL Service Desk, provides a single reporting source for all Incidents, including those pertaining to security.
6. ITIL focuses security where needed based on business requirements, not technology. This is important since most security operations today do what they feel is best for the business instead of just what the business required. This "gold plating" carries a high cost and keeps IT from being seen by the business as a partner.
7. Since ITIL is all about organizational best practices, the security management process itself can operate in a process-driven, methodical manner. This is absolutely critical to success with security.
8. ITIL requires continuous review, audit, and reporting of process activities. Security requires continuous reviews to remain vigilant.
9. Availability Management describes a centralized engineering and architecture function that always takes into account the Confidentiality, Integrity, and Availability of data (CIA).
10. The Service Level Management process sets up, monitors, reports on, and administers agreements with customers (SLA), suppliers (UC), and other IT functional departments (OLA). These contracts and agreements all require security sections.
11. Establish a link between Problem Management and security alert channels. Relevant security issues should be documented and added to the knowledge base for use by Incident Management and the Service Desk as well as other IT functional groups.

Summary
ITIL best practices help deliver real security improvements, as well as establishing the controls
required for meeting legislative and regulatory requirements.
Here is a simple 9-step plan for improving security using ITIL:
1. Work with customers and the business to understand and document security requirements. It is very important that you take your lead from the business.
2. Review with senior IT leaders to ensure all relevant legislative, industry, and corporate regulations have been reviewed.
3. Work with other ITIL process managers to validate the ability to support the customer (#1 above) and corporate (#2 above) security requirements identified.
4. Negotiate a Service Level Agreement (SLA) that includes a security section. As always, keep it in business terms, and make sure it is measurable.
5. Based on the SLA(s), create and implement Operational Level Agreements (OLAs) between related technical or functional departments or groups. Each OLA requires a security section that clearly spells out and defines how, for example, security incidents will be handled.
6. Review all Underpinning Contracts (UCs) for security as well. They should all include a security section, for example defining access to customer information and data confidentiality.
7. Update UCs, define and implement OLAs, then publish the SLA.
8. Report on security as you would report on capacity, availability, or changes.
9. Iterate the security sections as required.

--


Entire Contents © 2006 itSM Solutions LLC. All Rights Reserved.


Más contenido relacionado

La actualidad más candente

Security solutions for a smarter planet
Security solutions for a smarter planetSecurity solutions for a smarter planet
Security solutions for a smarter planetVincent Kwon
 
Microsoft Core Infrastructure Overview
Microsoft Core Infrastructure OverviewMicrosoft Core Infrastructure Overview
Microsoft Core Infrastructure Overviewjessiethe3rd
 
Security Alert - Expert Uncovers the "Dirty Little Secret" of IBM i Security
Security Alert - Expert Uncovers the "Dirty Little Secret" of IBM i SecuritySecurity Alert - Expert Uncovers the "Dirty Little Secret" of IBM i Security
Security Alert - Expert Uncovers the "Dirty Little Secret" of IBM i SecurityHelpSystems
 
[null] Iso 27001 a business view by Sripathi
[null] Iso 27001   a business view by Sripathi[null] Iso 27001   a business view by Sripathi
[null] Iso 27001 a business view by SripathiPrajwal Panchmahalkar
 
Automatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security StandardsAutomatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security Standardsautomatskicorporation
 
ISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness TrainingISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness Traininghimalya sharma
 
Making Executives Accountable for IT Security
Making Executives Accountable for IT SecurityMaking Executives Accountable for IT Security
Making Executives Accountable for IT SecuritySeccuris Inc.
 
Microsoft Core Infratructure
Microsoft Core InfratructureMicrosoft Core Infratructure
Microsoft Core Infratructureirvin1969
 
Security architecture analyses brief 21 april 2015
Security architecture analyses brief 21 april 2015Security architecture analyses brief 21 april 2015
Security architecture analyses brief 21 april 2015Bill Ross
 
New COBIT 5 Framework: Master the skills to review Implementation - By Compli...
New COBIT 5 Framework: Master the skills to review Implementation - By Compli...New COBIT 5 Framework: Master the skills to review Implementation - By Compli...
New COBIT 5 Framework: Master the skills to review Implementation - By Compli...Compliance Global Inc
 
Security architecture
Security architectureSecurity architecture
Security architectureDuncan Unwin
 
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...DFLABS SRL
 
Prinya acis slide for swpark - it & information security human resource deve...
Prinya acis slide for swpark  - it & information security human resource deve...Prinya acis slide for swpark  - it & information security human resource deve...
Prinya acis slide for swpark - it & information security human resource deve...TISA
 
The CISO in 2020: Prepare for the Unexpected
The CISO in 2020: Prepare for the UnexpectedThe CISO in 2020: Prepare for the Unexpected
The CISO in 2020: Prepare for the UnexpectedIBM Security
 
Why ISO-27001 is a better choice?
Why ISO-27001 is a better choice? Why ISO-27001 is a better choice?
Why ISO-27001 is a better choice? Patten John
 

La actualidad más candente (19)

ACFN vISO eBook
ACFN vISO eBookACFN vISO eBook
ACFN vISO eBook
 
Oasys Stonesoft Aligned with ITIL
Oasys Stonesoft Aligned with ITILOasys Stonesoft Aligned with ITIL
Oasys Stonesoft Aligned with ITIL
 
Security solutions for a smarter planet
Security solutions for a smarter planetSecurity solutions for a smarter planet
Security solutions for a smarter planet
 
Dit yvol2iss30
Dit yvol2iss30Dit yvol2iss30
Dit yvol2iss30
 
Microsoft Core Infrastructure Overview
Microsoft Core Infrastructure OverviewMicrosoft Core Infrastructure Overview
Microsoft Core Infrastructure Overview
 
Security Alert - Expert Uncovers the "Dirty Little Secret" of IBM i Security
Security Alert - Expert Uncovers the "Dirty Little Secret" of IBM i SecuritySecurity Alert - Expert Uncovers the "Dirty Little Secret" of IBM i Security
Security Alert - Expert Uncovers the "Dirty Little Secret" of IBM i Security
 
[null] Iso 27001 a business view by Sripathi
[null] Iso 27001   a business view by Sripathi[null] Iso 27001   a business view by Sripathi
[null] Iso 27001 a business view by Sripathi
 
CyberSecurity_for_the_IoT
CyberSecurity_for_the_IoTCyberSecurity_for_the_IoT
CyberSecurity_for_the_IoT
 
Automatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security StandardsAutomatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security Standards
 
ISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness TrainingISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness Training
 
Making Executives Accountable for IT Security
Making Executives Accountable for IT SecurityMaking Executives Accountable for IT Security
Making Executives Accountable for IT Security
 
Microsoft Core Infratructure
Microsoft Core InfratructureMicrosoft Core Infratructure
Microsoft Core Infratructure
 
Security architecture analyses brief 21 april 2015
Security architecture analyses brief 21 april 2015Security architecture analyses brief 21 april 2015
Security architecture analyses brief 21 april 2015
 
New COBIT 5 Framework: Master the skills to review Implementation - By Compli...
New COBIT 5 Framework: Master the skills to review Implementation - By Compli...New COBIT 5 Framework: Master the skills to review Implementation - By Compli...
New COBIT 5 Framework: Master the skills to review Implementation - By Compli...
 
Security architecture
Security architectureSecurity architecture
Security architecture
 
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
 
Prinya acis slide for swpark - it & information security human resource deve...
Prinya acis slide for swpark  - it & information security human resource deve...Prinya acis slide for swpark  - it & information security human resource deve...
Prinya acis slide for swpark - it & information security human resource deve...
 
The CISO in 2020: Prepare for the Unexpected
The CISO in 2020: Prepare for the UnexpectedThe CISO in 2020: Prepare for the Unexpected
The CISO in 2020: Prepare for the Unexpected
 
Why ISO-27001 is a better choice?
Why ISO-27001 is a better choice? Why ISO-27001 is a better choice?
Why ISO-27001 is a better choice?
 

Destacado (9)

Dit yvol2iss13
Dit yvol2iss13Dit yvol2iss13
Dit yvol2iss13
 
Dit yvol1iss7
Dit yvol1iss7Dit yvol1iss7
Dit yvol1iss7
 
Dit yvol4iss04
Dit yvol4iss04Dit yvol4iss04
Dit yvol4iss04
 
Dit yvol5iss31
Dit yvol5iss31Dit yvol5iss31
Dit yvol5iss31
 
Dit yvol2iss18
Dit yvol2iss18Dit yvol2iss18
Dit yvol2iss18
 
Dit yvol4iss03
Dit yvol4iss03Dit yvol4iss03
Dit yvol4iss03
 
Dit yvol5iss28
Dit yvol5iss28Dit yvol5iss28
Dit yvol5iss28
 
Dit yvol3iss38
Dit yvol3iss38Dit yvol3iss38
Dit yvol3iss38
 
Dit yvol5iss23
Dit yvol5iss23Dit yvol5iss23
Dit yvol5iss23
 

Similar a Dit yvol2iss37

Similar a Dit yvol2iss37 (20)

Dit yvol2iss14
Dit yvol2iss14Dit yvol2iss14
Dit yvol2iss14
 
Dit yvol2iss12
Dit yvol2iss12Dit yvol2iss12
Dit yvol2iss12
 
Dit yvol2iss48
Dit yvol2iss48Dit yvol2iss48
Dit yvol2iss48
 
Dit yvol3iss9
Dit yvol3iss9Dit yvol3iss9
Dit yvol3iss9
 
ITIL Service Desk
ITIL Service DeskITIL Service Desk
ITIL Service Desk
 
Dit yvol1iss4
Dit yvol1iss4Dit yvol1iss4
Dit yvol1iss4
 
Dit yvol2iss28
Dit yvol2iss28Dit yvol2iss28
Dit yvol2iss28
 
Dit yvol2iss11
Dit yvol2iss11Dit yvol2iss11
Dit yvol2iss11
 
Itil,cobit and ıso27001
Itil,cobit and ıso27001Itil,cobit and ıso27001
Itil,cobit and ıso27001
 
Itil 2
Itil 2Itil 2
Itil 2
 
Dit yvol2iss22
Dit yvol2iss22Dit yvol2iss22
Dit yvol2iss22
 
ITIL continual service improvement
ITIL continual service improvementITIL continual service improvement
ITIL continual service improvement
 
Dit yvol2iss50
Dit yvol2iss50Dit yvol2iss50
Dit yvol2iss50
 
CobiT And ITIL Breakfast Seminar
CobiT And ITIL Breakfast SeminarCobiT And ITIL Breakfast Seminar
CobiT And ITIL Breakfast Seminar
 
Dit yvol3iss12
Dit yvol3iss12Dit yvol3iss12
Dit yvol3iss12
 
Dit yvol2iss44
Dit yvol2iss44Dit yvol2iss44
Dit yvol2iss44
 
Dit yvol2iss3
Dit yvol2iss3Dit yvol2iss3
Dit yvol2iss3
 
ITIL With Information Security
ITIL With Information SecurityITIL With Information Security
ITIL With Information Security
 
201306 CIO NET The Value of IT Frameworks
201306 CIO NET The Value of IT Frameworks201306 CIO NET The Value of IT Frameworks
201306 CIO NET The Value of IT Frameworks
 
Dit yvol1iss2
Dit yvol1iss2Dit yvol1iss2
Dit yvol1iss2
 

Más de Rick Lemieux

Más de Rick Lemieux (20)

IT Service Management (ITSM) Model for Business & IT Alignement
IT Service Management (ITSM) Model for Business & IT AlignementIT Service Management (ITSM) Model for Business & IT Alignement
IT Service Management (ITSM) Model for Business & IT Alignement
 
Dit yvol5iss41
Dit yvol5iss41Dit yvol5iss41
Dit yvol5iss41
 
Dit yvol5iss40
Dit yvol5iss40Dit yvol5iss40
Dit yvol5iss40
 
Dit yvol5iss38
Dit yvol5iss38Dit yvol5iss38
Dit yvol5iss38
 
Dit yvol5iss37
Dit yvol5iss37Dit yvol5iss37
Dit yvol5iss37
 
Dit yvol5iss36
Dit yvol5iss36Dit yvol5iss36
Dit yvol5iss36
 
Dit yvol5iss35
Dit yvol5iss35Dit yvol5iss35
Dit yvol5iss35
 
Dit yvol5iss34
Dit yvol5iss34Dit yvol5iss34
Dit yvol5iss34
 
Dit yvol5iss33
Dit yvol5iss33Dit yvol5iss33
Dit yvol5iss33
 
Dit yvol5iss32
Dit yvol5iss32Dit yvol5iss32
Dit yvol5iss32
 
Dit yvol5iss30
Dit yvol5iss30Dit yvol5iss30
Dit yvol5iss30
 
Dit yvol5iss29
Dit yvol5iss29Dit yvol5iss29
Dit yvol5iss29
 
Dit yvol5iss26
Dit yvol5iss26Dit yvol5iss26
Dit yvol5iss26
 
Dit yvol5iss25
Dit yvol5iss25Dit yvol5iss25
Dit yvol5iss25
 
Dit yvol5iss24
Dit yvol5iss24Dit yvol5iss24
Dit yvol5iss24
 
Dit yvol5iss22
Dit yvol5iss22Dit yvol5iss22
Dit yvol5iss22
 
Dit yvol5iss21
Dit yvol5iss21Dit yvol5iss21
Dit yvol5iss21
 
Dit yvol5iss20
Dit yvol5iss20Dit yvol5iss20
Dit yvol5iss20
 
Dit yvol5iss19
Dit yvol5iss19Dit yvol5iss19
Dit yvol5iss19
 
Dit yvol5iss17
Dit yvol5iss17Dit yvol5iss17
Dit yvol5iss17
 

Último

(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 

Último (20)

(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 

Dit yvol2iss37

  • 1. itSM Solutions® DITY™ Newsletter Reprint This is a reprint of an itSM Solutions® DITY™ Newsletter. Our members receive our weekly DITY Newsletter, and have access to practical and often entertaining articles in our archives. DITY is the newsletter for IT professionals who want a workable, practical guide to implementing ITIL best practices -- without the hype. become a member (It's Free. Visit http://www.itsmsolutions.com/newsletters/DITY.htm) Publisher itSM Solutions™ LLC 31 South Talbert Blvd #295 Lexington, NC 27292 Phone (336) 510-2885 Fax (336) 798-6296 Find us on the web at: http://www.itsmsolutions.com. To report errors please send a note to the editor, Hank Marquis at hank.marquis@itsmsolutions.com For information on obtaining copies of this guide contact: sales@itsmsolutions.com Copyright © 2006 Nichols-Kuhn Group. ITIL Glossaries © Crown Copyright Office of Government Commerce. Reproduced with the permission of the Controller of HMSO and the Office of Government Commerce. Notice of Rights / Restricted Rights Legend All rights reserved. Reproduction or transmittal of this guide or any portion thereof by any means whatsoever without prior written permission of the Publisher is prohibited. All itSM Solutions products are licensed in accordance with the terms and conditions of the itSM Solutions Partner License. No title or ownership of this guide, any portion thereof, or its contents is transferred, and any use of the guide or any portion thereof beyond the terms of the previously mentioned license, without written authorization of the Publisher, is prohibited. Notice of Liability This guide is distributed "As Is," without warranty of any kind, either express or implied, respecting the content of this guide, including but not limited to implied warranties for the guide's quality, performance, merchantability, or fitness for any particular purpose. 
Trademarks
itSM Solutions is a trademark of itSM Solutions LLC. Do IT Yourself™ and DITY™ are trademarks of Nichols-Kuhn Group. ITIL® is a Registered Trade Mark, and a Registered Community Trade Mark of the Office of Government Commerce, and is registered in the U.S. Patent and Trademark Office, and is used here by itSM Solutions LLC under license from and with the permission of OGC (Trade Mark License No. 0002). IT Infrastructure Library® is a Registered Trade Mark of the Office of Government Commerce and is used here by itSM Solutions LLC under license from and with the permission of OGC (Trade Mark License No. 0002). Other product names mentioned in this guide may be trademarks or registered trademarks of their respective companies.
11 Ways ITIL Improves Security

DITY Weekly Reader, Vol. 2.37, September 20, 2006
The workable, practical guide to Do IT Yourself

ITIL improves security governance. ITIL makes security easier and more controlled, thus making it easier to comply with regulations like Sarbanes-Oxley, HIPAA, FISMA, GLBA, NIST 800-53/FIPS 200, FFIEC, and others.

http://www.itsmsolutions.com/newsletters/DITYvol2iss37.htm (1 of 4) 9/19/2006 10:25:19 AM

By Hank Marquis

The IT Infrastructure Library® (ITIL®) is best practice. We all know ITIL describes what to do, not how to do it. The descriptive nature of ITIL leads many to wonder what benefits ITIL delivers, if any. However, without too much thought, anyone familiar with a particular industry or IT segment can soon understand how ITIL best practices can assist virtually any operational aspect of IT.

Let's examine security, for example. How can ITIL best practices help with the day-to-day workings of security? ITIL has a dedicated book for security, and includes security as a fabric within the Service Support and Service Delivery books. ITIL focuses on the process of implementing the security requirements identified in Service Level Agreements. However, as always, ITIL is descriptive and not prescriptive. Below, I show at least 11 ways ITIL can improve or assist security, and give you a 9-step plan for improving security using ITIL.

Security and ITIL

ITIL describes a Security Management function (e.g., a group, like the Service Desk) that interfaces with the other ITIL processes on security issues. These issues relate predominantly to the Confidentiality, Integrity and Availability of data, as well as the security of hardware and software components, documentation and procedures.

Virtually every organization faces some form of oversight and regulation. We have all heard of Sarbanes-Oxley, but there are many, many more: HIPAA, FISMA, GLBA, COBIT, NIST 800-53/FIPS 200, FFIEC, and others.

There are at least five areas to consider when thinking about security and ITIL:

1. The process of security management
2. The relationships between security and the other ITIL processes
3. External relationships as defined in Underpinning Contracts (UCs)
4. Customer-facing requirements as defined in Service Level Agreements (SLAs)
5. Internal relationships between functional organizations as defined in Operating Level Agreements (OLAs)

Here are some easy ways the best practices in ITIL can improve how IT organizations implement and manage information security in response to regulations.

1. Security requires audits, and regardless of the regulatory environment, IT must support audits. Audits require documentation, process control, and clear roles, responsibilities, and authorities. ITIL process descriptions provide the basis for sound audits.

2. Security requires control over assets. To control assets you must know what you have, where it is located, and who can access it. This basis comes directly from ITIL Configuration Management.

3. Most regulation, including HIPAA and SOX, requires analysis and documentation of changes made to IT systems. Change Management is where many of these assurances are made: it can perform risk analysis, business impact analysis, and security analysis from a centralized perspective.

4. Security management requires an incident category specifically for security-related incidents. The ITIL Incident Management process provides the control and flexibility required to manage security incidents quickly and efficiently without a duplicate organization. Security Incidents require review by security management.

5. Having a single point of contact for all matters relating to IT – the ITIL Service Desk – provides a single reporting source for all Incidents, including those pertaining to security.

6. ITIL focuses security where needed based on business requirements, not technology. This is important since most security operations today do what they feel is best for the business instead of just what the business requires. This "gold plating" carries a high cost and keeps IT from being seen by the business as a partner.

7. Since ITIL is all about organizational best practices, the security management process itself can operate in a process-driven, methodical manner. This is absolutely critical to success with security.

8. ITIL requires continuous review, audit, and reporting of process activities. Security requires continuous reviews to remain vigilant.

9. Availability Management describes a centralized engineering and architecture that always takes into account the Confidentiality, Integrity, and Availability of data (CIA).

10. The Service Level Management process sets up, monitors, reports on, and administers agreements with customers (SLAs), suppliers (UCs), and other IT functional departments (OLAs). These contracts and agreements all require security sections.

11. Establish a link between Problem Management and security alert channels. Relevant security issues should be documented and added to the knowledge base for use by Incident Management and the Service Desk, as well as other IT functional groups.

Summary

ITIL best practices help deliver real security improvements, as well as establishing the controls required for meeting legislative and regulatory requirements. Here is a simple 9-step plan for improving security using ITIL:

1. Work with customers and the business to understand and document security requirements. It is very important that you take your lead from the business.
2. Review with senior IT leaders to ensure review of all relevant legislative, industry, and corporate regulations.
3. Work with other ITIL process managers to validate the ability to support the customer (#1 above) and corporate (#2 above) security requirements identified.
4. Negotiate a Service Level Agreement (SLA) that includes a security section. As always, keep it in business terms, and make sure it is measurable.
5. Based on the SLA(s), create and implement Operational Level Agreements (OLAs) between related technical or functional departments or groups. Each OLA requires a security section that clearly spells out and defines how, for example, security incidents will be handled.
6. Review all Underpinning Contracts (UCs) for security as well. They should all include a security section, for example defining access to customer information and data confidentiality.
7. Update UCs, define and implement OLAs, then publish the SLA.
8. Report on security as you would report on capacity, availability, or changes.
9. Iterate the security sections as required.

Where to go from here:

- Subscribe to our newsletter and get new skills delivered right to your Inbox.
- Download this article in PDF format for use at your own convenience.
- Browse back-issues of the DITY Newsletter.

Entire Contents © 2006 itSM Solutions LLC. All Rights Reserved.