IST 725                 Case Study 3 – ITIL® and IT Security Architecture           April 8, 2012




                         ITIL® and IT Security Architecture

                                 Leo de Sousa – IST 725

                                         Abstract
This paper describes the interaction between the IT Infrastructure Library (ITIL®) and IT
Security Architecture (ITSA) within the overall context of Enterprise Architecture (EA).
Enterprise Architecture provides a holistic approach to the integration and management of an
organization’s strategy, business and technology. IT Security Architecture is a component of
Enterprise Architecture. The EA3 Cube Framework shows how ITSA fits in a documented
enterprise architecture. IT Security is considered a planning thread that is a “common activity
that is present in all levels of the framework.” (Bernard, 2005, p. 42) ITIL® specifically
addresses the IT service component of Enterprise Architecture. ITIL® is an approach to IT
Service Management “to drive consistency, efficiency and excellence into the business of
managing IT services.” (itSMF Ltd, UK Chapter, 2007, p. 3) ITIL® contains five components
built around a Service Lifecycle. The components are Service Strategy, Service Design, Service
Transition, Service Operation and Continual Service Improvement. The sections of this paper
are: (a) Introduction, (b) Relations between ITIL®, IT Security Architecture and Enterprise
Architecture, (c) Interactions of ITIL® and ITSA and (d) Conclusion. After reading this paper,
the reader should have a clear understanding of how ITIL® interacts with IT Security
Architecture practices within Enterprise Architecture.

                                      Introduction
This paper uses Enterprise Architecture as the overarching framework to model and understand
how ITIL® and IT Security Architecture interact together. Enterprise Architecture provides a
holistic approach to the integration and management of an organization’s strategy, business and
technology. EA addresses “policy, planning, decision-making and resource development that is
useful to executives, line managers, and support staff.” (Bernard, 2005, p. 33)

IT Infrastructure Library (ITIL®) was developed by the UK Office of Government Commerce in
the 1980s. The current version is ITIL® V3 and is a major rewrite from ITIL® V2. IT
Infrastructure Library (ITIL®) “provides a framework of Best Practice guidance for IT Service
Management and since its creation, ITIL® has grown to become the most widely accepted
approach to IT Service Management in the world.” (itSMF Ltd, UK Chapter, 2007, p. 2) ITIL®
suggests organizations take a holistic approach to IT service management with a focus on value
to customers. Services have two value measures:
    • Utility – is the service delivering the required functionality? “fit for purpose”
    • Warranty – is the service delivered in the expected timeframe, in a secure manner and
        available for customers when necessary? “fit for use”



Leo de Sousa                                                                             Page 1


ITIL® contains five components built around a Service Lifecycle. The components are Service
Strategy, Service Design, Service Transition, Service Operation and Continual Service
Improvement.

IT Security Architecture “is the art and science of designing and supervising the construction of
business systems, usually business information systems, which are: free from danger, damage,
etc.; free from fear, care, etc.; in safe custody; not likely to fail; able to be relied upon; safe from
attack.” (Sherwood, Clark, & Lynas, 2005, p. 2) The SABSA® Model captures IT Security
Architecture in six layers: Contextual Security Architecture, Conceptual Security Architecture,
Logical Security Architecture, Physical Security Architecture, Component Architecture and
Operational Security Architecture. (Sherwood, Clark, & Lynas, 2005, p. 34) (SABSA, 2012)

Components of IT Security Architecture reside within parts of the ITIL® Service Lifecycle and
both reside in the Enterprise Architecture framework which encompasses the entire business.

    Relations between ITIL®, IT Security Architecture and
                   Enterprise Architecture
The EA3 Cube Documentation Framework (Bernard, 2005, p. 38) provides an excellent
framework for understanding the interactions between ITIL® and ITSA. The EA3 Cube
describes an Enterprise Architecture by documenting the current state and future state of an
enterprise as well as creating a management plan for change. Here is an image of the EA3 Cube
Documentation Framework and the ITIL® V3 Framework:




Looking at the EA3 Cube, we can see how each component interacts when modeling an
organization. ITIL® suggests IT Service Management best practices for the Service Lifecycle
for Services, Data and Information, Systems and Applications, Networks and Infrastructure and
Security/Standards in the EA framework. IT Security Architecture (ITSA) is one of the planning
threads in the EA3 Cube framework. IT Security Architecture helps identify issues and the risks
that could impact a company and its partners. ITSA also provides a framework for planning and
implementing secure business practices. Integrating ITSA and ITIL® enables a business to
focus on best practices in security and IT service management to deliver value.


The diagram below represents the relationships between EA, ITIL® and ITSA.

EA (S+B+T)
    • Assets (What)
    • Process (How)
    • Location (Where)
    • People (Who)
    • Time (When)
    • Motivation (Why)

ITIL (ITSM)
    • Service Strategy
    • Service Design
    • Service Transition
    • Service Operation
    • Continual Service Improvement

ITSA (CIA)
    • Contextual Security Architecture
    • Conceptual Security Architecture
    • Logical Security Architecture
    • Physical Security Architecture
    • Component Architecture
    • Operational Security Architecture




                       Interactions of ITIL® and ITSA
This section explores the impacts of ITIL® on ITSA. The table below lists all the ITIL
processes by component type - interactions with ITSA are bolded. (Clinch, 2009, pp. 16-17)

Service Strategy        Service Design             Service Transition               Service Operations   Continual Service Improvement
Demand Mgmt             Service Catalogue Mgmt     Knowledge Mgmt                   Incident Mgmt        Service Measurement
Financial Mgmt          Service Level Mgmt         Change Mgmt                      Problem Mgmt         Service Reporting
Strategy Generation     Capacity Mgmt              Asset and Configuration Mgmt     Event Mgmt           Service Improvement
Service Portfolio Mgmt  Availability Mgmt          Release and Deployment Mgmt      Request Fulfillment
                        Service Continuity Mgmt    Transition Planning and Support  Access Mgmt
                        Information Security Mgmt  Service Validation and Testing   Operations Mgmt
                        Supplier Mgmt              Evaluation                       Service Desk
                                                                                    Application Mgmt
                                                                                    Technical Mgmt
                                                                                    IT Operations




Service Strategy

ITIL® defines Service Strategy as “collaboration between business strategists and IT to develop
IT service strategies that support the business strategy.” (Kneller, 2010, p. 3) This section of
ITIL® only has generalized references to IT security architecture. There is one specific
reference in the Service Value section: “Service Warranty: how the service is delivered and its
fitness for use, in terms of availability, capacity, continuity and security.” (itSMF Ltd, UK
Chapter, 2007, p. 14) The intent is that security is considered a part of the strategy for creating
valuable services for the organization.

Service Design

ITIL® defines Service Design as “designing the overarching IT architecture and each IT service
to meet customers’ business objectives by being both fit for purpose (utility) and fit for use
(warranty).” (Kneller, 2010, p. 4) Availability Management, IT Service Continuity
Management and Information Security Management processes in ITIL® all provide guidance for
implementing security practices.

   •      Availability Management – considers both reactive and proactive activities to ensure
          services are available for use. IT security architecture provides proactive guidance to
          protect services as well as responding to security attacks or breaches that compromise a
          service (e.g. Denial of Service attacks)
   •      IT Service Continuity Management – considers ongoing recovery capabilities for
          services. IT security architecture guides the design of recovery capabilities and
          infrastructures to ensure that services can be recovered and delivered securely
   •      Information Security Management – is the main ITIL® process for IT security
          architecture. This process seeks to align IT security with business security and protect
          the information assets for all services. This process uses the CIA (confidentiality,
          integrity, availability) model to suggest best practices of IT security in services.

Service Transition

ITIL® defines Service Transition as “managing and controlling changes into the live IT
operational environment, including the development and transition of new or changed IT
services.” (Kneller, 2010, p. 4) Knowledge Management, Change Management, Asset and
Configuration Management, Release and Deployment Management and Service Validation and
Testing processes all have IT security architecture components.

   •      Knowledge Management – ensures that the correct person has access to the right
          knowledge, at the correct time to deliver and support business services. This process uses
          the IT Security Architecture CIA (confidentiality, integrity, availability) model to suggest
          best practices for information security
   •      Change Management – delivers standard and secure methods to manage change to
          services. IT security architecture should be integrated with Change Management
          processes to ensure that the introduction of new configuration items does not increase the risk
          to the services they support. IT security reviews are also important for reviewing
          changes to existing services to maintain the agreed upon security levels. IT security
          architecture must be considered for all levels of change from strategic to tactical to
          operational. Effective implementation of this process limits unauthorized changes that
          could create security risks.
   •      Asset and Configuration Management – accounts for service assets and configuration
          items to protect their integrity for the service lifecycle. IT Security architecture integrates
          with this process especially when considering Data and Information Architecture,
          Systems and Application Architecture and Networks and Infrastructure Architecture
          segments. Being able to identify, control and account for corporate information assets
          protects companies from security breaches, data leakage and information security
          compliance failures. Creating a Configuration Management System to record and track
          all configuration items used to deliver services is a key function for security.
   •      Release and Deployment Management – ensures that changes are securely released into
          the production environment that supports business services. Implementing auditing and
          release controls following IT security best practices aligns this ITIL® process with ITSA.
          Effective implementation of this process limits unauthorized changes that could create
          security risks.
   •      Service Validation and Testing – provides objective evidence that services are meeting
          their established service level agreements for functionality, availability, continuity,
          security and usability. Security audits, including penetration tests, are
          examples of how ITSA and this ITIL® process interact.

Service Operations

ITIL® defines Service Operations as “delivering and supporting operational IT services in such a
way that they meet business needs and expectations and deliver forecasted business benefits.”
(Kneller, 2010, p. 4) Incident Management, Problem Management, Event Management and
Access Management processes in ITIL® all use guidance from information security practices.

   •      Incident Management – restores normal service as quickly as possible so that business
          impacts are minimized. Incidents can come from any part of the business. When they
          are IT security related, the IT service desk and security teams initiate an incident
          response process: identification, containment, eradication and recovery. (Killmeyer,
          2006, p. 215) Security incidents can range from external attacks and data breaches (e.g.
          FIPPA and HIPAA compliance) to internal attacks and copyright violations.
   •      Problem Management – determines the root causes of incidents, recommends changes to
          resolve the issue and provides workarounds if a resolution cannot be found. The IT
          security team takes a lead in this process for security problems. The focus in this process
          is the eradication of the problem by implementing new security practices and technology.
          This process initiates the Change Management process when resolutions need to be put into
          production.
   •      Event Management – depends on monitoring of configuration items and services. The
          process generates notifications about changes and initiates the Incident Management
          process. This process relates to proactive security monitoring and logging. If a
          monitored security alert is triggered, the IT service desk and security team initiate the
          Incident Management process for a security incident.



   •      Access Management – provides the access rights for people to use services while
          blocking non-authorized access. Specifically, this ITIL® process manages privileges
          using the CIA model (confidentiality, integrity, availability) to protect data and assets.
          Other IT security practices, like auditing and logging access, are practiced in this process.

Continual Service Improvement

ITIL® defines Continual Service Improvement as “learning from experience and adopting an
approach which ensures continual improvement of IT services.” (Kneller, 2010, p. 4) This
component of ITIL® focuses on continual evaluation and improvement of services and value to
customers. ITIL® suggests a 7-Step Improvement Process to “collect meaningful data, analyze
this data to identify trends and issues, present the information to management for their
prioritization and agreement and implement improvements.” (itSMF Ltd, UK Chapter, 2007, p.
36) This approach could be taken to continuously improve IT security architecture practices.

The Continual Service Improvement component of ITIL® only has generalized references to IT
security architecture. There is a section that advocates the use of Standards. ITIL relates to a
series of security standards, the main standards family being ISO/IEC 27000
Information Security Management. Here are some of the related standards that ITIL® leverages:
(Clinch, 2009, pp. 18-19)

   •      ISO/IEC 27001:2005 Information Security Management Systems – Requirements
   •      ISO/IEC 27002:2005 Code of Practice for Information Security Management
   •      ISO/IEC 27005:2008 Information Security Risk Management
   •      ISO/IEC 27006:2007 Requirements for Bodies Providing Audit and Certification of
          Information Security Management Systems
   •      ISO/IEC 27799:2008 Health Informatics – Information Security Management in Health
          Using ISO/IEC 27002

                                           Conclusion
Enterprise Architecture models and documents all the parts of an organization, not just the IT
components. As such, it provides a guiding framework for understanding the interactions
between the various components of an organization, how IT service management is implemented
(ITIL®) and how IT security architecture is deployed. Many organizations see IT security as
purely an IT function and the result is a failure to adequately implement a holistic approach to
securing the business.

“If we take to heart ITIL’s message that a service is something that delivers business value by
improving customer outcomes, we should be seeking to position ISM (information security
management) as a business activity that directly contributes towards the delivery of enhanced
business value to customers.” (Clinch, 2009, p. 8)






ITIL® interacts effectively with IT Security Architecture in Service Design, Service Transition
and Service Operations and has some influence in Service Strategy and Continual Service
Improvement. Here are the ITIL® processes with strong IT security architecture interactions.

Service Design                   Service Transition                Service Operations
Availability Mgmt                Knowledge Mgmt                    Incident Mgmt
Service Continuity Mgmt          Change Mgmt                       Problem Mgmt
Information Security Mgmt        Asset and Configuration Mgmt      Event Mgmt
                                 Release and Deployment Mgmt       Access Mgmt
                                 Service Validation and Testing

ITIL® leverages many of the existing and evolving IT Security standards particularly from the
ISO/IEC 27k family.

“Awareness and consideration of security risks and issues are background obligations for every
step of successful IT Service Management under ITIL®.” (Clinch, 2009, p. 20)


                                        References
Bernard, S. A. (2005). An Introduction to Enterprise Architecture 2nd Edition. Bloomington, IL:
       AuthorHouse.
Clinch, J. (2009, May). ITIL V3 and Information Security. Retrieved from Best Management
       Practice:
       http://www.best-management-practice.com/gempdf/ITILV3_and_Information_Security_White_Paper_May09.pdf
itSMF Ltd, UK Chapter. (2007). An Introductory Overview of ITIL V3. Retrieved from Best
       Management Practice:
       http://www.best-management-practice.com/gempdf/itSMF_An_Introductory_Overview_of_ITIL_V3.pdf
Killmeyer, J. (2006). Information Security Architecture 2nd Edition. Boca Raton: Auerbach
       Publications.
Kneller, M. (2010, Sept). Executive Briefing: The Benefits of ITIL. Retrieved from Best
       Management Practice:
       http://www.best-management-practice.com/gempdf/OGC_Executive_Briefing_Benefits_of_ITIL.pdf
SABSA. (2012). SABSA Matrix. Retrieved from SABSA:
       http://www.sabsa.org/the-sabsa-method/the-sabsa-matrix.aspx
Sherwood, J., Clark, A., & Lynas, D. (2005). Enterprise Security Architecture A Business-Driven
       Approach. San Francisco: CMP Books.




 
Exploring the Service Lifecycle
Exploring the Service LifecycleExploring the Service Lifecycle
Exploring the Service Lifecycle
 
Getronics - Governance and the Cloud
Getronics - Governance and the CloudGetronics - Governance and the Cloud
Getronics - Governance and the Cloud
 
Luis lima v3
Luis lima v3Luis lima v3
Luis lima v3
 
Itil v3
Itil v3Itil v3
Itil v3
 
Presentation: Life In An ITIL V3 Environment
Presentation: Life In An ITIL V3 EnvironmentPresentation: Life In An ITIL V3 Environment
Presentation: Life In An ITIL V3 Environment
 

Plus de Leo de Sousa

Smart Communities Roadshow 2019 - Vancouver
Smart Communities Roadshow 2019 - VancouverSmart Communities Roadshow 2019 - Vancouver
Smart Communities Roadshow 2019 - VancouverLeo de Sousa
 
UAE Higher Education CIO Council Ankabut Users Meeting October 2013
UAE Higher Education CIO Council   Ankabut Users Meeting October 2013UAE Higher Education CIO Council   Ankabut Users Meeting October 2013
UAE Higher Education CIO Council Ankabut Users Meeting October 2013Leo de Sousa
 
Create a roadmap for ea using capability maturity models
Create a roadmap for ea using capability maturity modelsCreate a roadmap for ea using capability maturity models
Create a roadmap for ea using capability maturity modelsLeo de Sousa
 
Canadian Red Cross Tainted Blood Scandal
Canadian Red Cross Tainted Blood ScandalCanadian Red Cross Tainted Blood Scandal
Canadian Red Cross Tainted Blood ScandalLeo de Sousa
 
Planning A Secure Partner Portal
Planning A Secure Partner PortalPlanning A Secure Partner Portal
Planning A Secure Partner PortalLeo de Sousa
 
Effective IT Security Governance
Effective IT Security GovernanceEffective IT Security Governance
Effective IT Security GovernanceLeo de Sousa
 
BYOD for Employees
BYOD for EmployeesBYOD for Employees
BYOD for EmployeesLeo de Sousa
 
Motivating Strategic Practice Development Using CMM
Motivating Strategic Practice Development Using CMMMotivating Strategic Practice Development Using CMM
Motivating Strategic Practice Development Using CMMLeo de Sousa
 
Rewards for Information Workers
Rewards for Information WorkersRewards for Information Workers
Rewards for Information WorkersLeo de Sousa
 
Flexible Leadership
Flexible LeadershipFlexible Leadership
Flexible LeadershipLeo de Sousa
 
Ford and GM A Comparison of 2 Fortune 500 Companies
Ford and GM A Comparison of 2 Fortune 500 CompaniesFord and GM A Comparison of 2 Fortune 500 Companies
Ford and GM A Comparison of 2 Fortune 500 CompaniesLeo de Sousa
 
EA - A Year of Growth
EA - A Year of GrowthEA - A Year of Growth
EA - A Year of GrowthLeo de Sousa
 
IT Service Management Overview
IT Service Management OverviewIT Service Management Overview
IT Service Management OverviewLeo de Sousa
 
Intrinsic Motivation Using Personal Learning Plans
Intrinsic Motivation Using Personal Learning PlansIntrinsic Motivation Using Personal Learning Plans
Intrinsic Motivation Using Personal Learning PlansLeo de Sousa
 
Enterprise Architecture And The Business Analyst
Enterprise Architecture And The Business AnalystEnterprise Architecture And The Business Analyst
Enterprise Architecture And The Business AnalystLeo de Sousa
 
BCIT Application Portfolio Mgmt
BCIT Application Portfolio MgmtBCIT Application Portfolio Mgmt
BCIT Application Portfolio MgmtLeo de Sousa
 
BCIT Technology Management
BCIT Technology ManagementBCIT Technology Management
BCIT Technology ManagementLeo de Sousa
 

Plus de Leo de Sousa (17)

Smart Communities Roadshow 2019 - Vancouver
Smart Communities Roadshow 2019 - VancouverSmart Communities Roadshow 2019 - Vancouver
Smart Communities Roadshow 2019 - Vancouver
 
UAE Higher Education CIO Council Ankabut Users Meeting October 2013
UAE Higher Education CIO Council   Ankabut Users Meeting October 2013UAE Higher Education CIO Council   Ankabut Users Meeting October 2013
UAE Higher Education CIO Council Ankabut Users Meeting October 2013
 
Create a roadmap for ea using capability maturity models
Create a roadmap for ea using capability maturity modelsCreate a roadmap for ea using capability maturity models
Create a roadmap for ea using capability maturity models
 
Canadian Red Cross Tainted Blood Scandal
Canadian Red Cross Tainted Blood ScandalCanadian Red Cross Tainted Blood Scandal
Canadian Red Cross Tainted Blood Scandal
 
Planning A Secure Partner Portal
Planning A Secure Partner PortalPlanning A Secure Partner Portal
Planning A Secure Partner Portal
 
Effective IT Security Governance
Effective IT Security GovernanceEffective IT Security Governance
Effective IT Security Governance
 
BYOD for Employees
BYOD for EmployeesBYOD for Employees
BYOD for Employees
 
Motivating Strategic Practice Development Using CMM
Motivating Strategic Practice Development Using CMMMotivating Strategic Practice Development Using CMM
Motivating Strategic Practice Development Using CMM
 
Rewards for Information Workers
Rewards for Information WorkersRewards for Information Workers
Rewards for Information Workers
 
Flexible Leadership
Flexible LeadershipFlexible Leadership
Flexible Leadership
 
Ford and GM A Comparison of 2 Fortune 500 Companies
Ford and GM A Comparison of 2 Fortune 500 CompaniesFord and GM A Comparison of 2 Fortune 500 Companies
Ford and GM A Comparison of 2 Fortune 500 Companies
 
EA - A Year of Growth
EA - A Year of GrowthEA - A Year of Growth
EA - A Year of Growth
 
IT Service Management Overview
IT Service Management OverviewIT Service Management Overview
IT Service Management Overview
 
Intrinsic Motivation Using Personal Learning Plans
Intrinsic Motivation Using Personal Learning PlansIntrinsic Motivation Using Personal Learning Plans
Intrinsic Motivation Using Personal Learning Plans
 
Enterprise Architecture And The Business Analyst
Enterprise Architecture And The Business AnalystEnterprise Architecture And The Business Analyst
Enterprise Architecture And The Business Analyst
 
BCIT Application Portfolio Mgmt
BCIT Application Portfolio MgmtBCIT Application Portfolio Mgmt
BCIT Application Portfolio Mgmt
 
BCIT Technology Management
BCIT Technology ManagementBCIT Technology Management
BCIT Technology Management
 

Dernier

Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesKeppelCorporation
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCRashishs7044
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCRashishs7044
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Anamaria Contreras
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfRbc Rbcua
 
8447779800, Low rate Call girls in Dwarka mor Delhi NCR
8447779800, Low rate Call girls in Dwarka mor Delhi NCR8447779800, Low rate Call girls in Dwarka mor Delhi NCR
8447779800, Low rate Call girls in Dwarka mor Delhi NCRashishs7044
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy Verified Accounts
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCRashishs7044
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfrichard876048
 
Entrepreneurship lessons in Philippines
Entrepreneurship lessons in  PhilippinesEntrepreneurship lessons in  Philippines
Entrepreneurship lessons in PhilippinesDavidSamuel525586
 
Call Girls Contact Number Andheri 9920874524
Call Girls Contact Number Andheri 9920874524Call Girls Contact Number Andheri 9920874524
Call Girls Contact Number Andheri 9920874524najka9823
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607dollysharma2066
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCRashishs7044
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfKhaled Al Awadi
 
Guide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFGuide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFChandresh Chudasama
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaoncallgirls2057
 
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCREnjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCRalexsharmaa01
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxmbikashkanyari
 

Dernier (20)

Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation Slides
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdf
 
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
 
8447779800, Low rate Call girls in Dwarka mor Delhi NCR
8447779800, Low rate Call girls in Dwarka mor Delhi NCR8447779800, Low rate Call girls in Dwarka mor Delhi NCR
8447779800, Low rate Call girls in Dwarka mor Delhi NCR
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail Accounts
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
 
Corporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information TechnologyCorporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information Technology
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdf
 
Entrepreneurship lessons in Philippines
Entrepreneurship lessons in  PhilippinesEntrepreneurship lessons in  Philippines
Entrepreneurship lessons in Philippines
 
Call Girls Contact Number Andheri 9920874524
Call Girls Contact Number Andheri 9920874524Call Girls Contact Number Andheri 9920874524
Call Girls Contact Number Andheri 9920874524
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
 
Guide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFGuide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDF
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
 
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCREnjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
 

ITIL and IT Security Architecture

IST 725    Case Study 3 – ITIL® and IT Security Architecture    April 8, 2012

ITIL® and IT Security Architecture
Leo de Sousa – IST 725

Abstract

This paper describes the interaction between the IT Infrastructure Library (ITIL®) and IT Security Architecture (ITSA) within the overall context of Enterprise Architecture (EA). Enterprise Architecture provides a holistic approach to the integration and management of an organization’s strategy, business and technology. IT Security Architecture is a component of Enterprise Architecture. The EA3 Cube Framework shows how ITSA fits in a documented enterprise architecture. IT Security is considered a planning thread that is a “common activity that is present in all levels of the framework.” (Bernard, 2005, p. 42) ITIL® specifically addresses the IT service component of Enterprise Architecture. ITIL® is an approach to IT Service Management “to drive consistency, efficiency and excellence into the business of managing IT services.” (itSMF Ltd, UK Chapter, 2007, p. 3) ITIL® contains five components built around a Service Lifecycle. The components are Service Strategy, Service Design, Service Transition, Service Operation and Continual Service Improvement. The sections of this paper are: (a) Introduction, (b) Relations between ITIL®, IT Security Architecture and Enterprise Architecture (c) Interactions of ITIL® and ITSA and (d) Conclusion. After reading this paper, the reader should have a clear understanding of how ITIL® interacts with IT Security Architecture practices within Enterprise Architecture.

Introduction

This paper uses Enterprise Architecture as the overarching framework to model and understand how ITIL® and IT Security Architecture interact together. Enterprise Architecture provides a holistic approach to the integration and management of an organization’s strategy, business and technology.
EA addresses “policy, planning, decision-making and resource development that is useful to executives, line managers, and support staff.” (Bernard, 2005, p. 33)

IT Infrastructure Library (ITIL®) was developed by the UK Office of Government Commerce in the 1980s. The current version is ITIL® V3 and is a major rewrite from ITIL® V2. IT Infrastructure Library (ITIL®) “provides a framework of Best Practice guidance for IT Service Management and since its creation, ITIL® has grown to become the most widely accepted approach to IT Service Management in the world.” (itSMF Ltd, UK Chapter, 2007, p. 2) ITIL® suggests organizations take a holistic approach to IT service management with a focus on value to customers. Services have two value measures:

  • Utility – is the service delivering the required functionality? “fit for purpose”
  • Warranty – is the service delivered in the expected timeframe, in a secure manner and available for customers when necessary? “fit for use”

ITIL® contains five components built around a Service Lifecycle. The components are Service Strategy, Service Design, Service Transition, Service Operation and Continual Service Improvement.

IT Security Architecture “is the art and science of designing and supervising the construction of business systems, usually business information systems, which are: free from danger, damage, etc.; free from fear, care, etc.; in safe custody; not likely to fail; able to be relied upon; safe from attack.” (Sherwood, Clark, & Lynas, 2005, p. 2) The SABSA® Model captures IT Security Architecture in six layers: Contextual Security Architecture, Conceptual Security Architecture, Logical Security Architecture, Physical Security Architecture, Component Architecture and Operational Security Architecture. (Sherwood, Clark, & Lynas, 2005, p. 34) (SABSA, 2012) Components of IT Security Architecture reside within parts of the ITIL® Service Lifecycle and both reside in the Enterprise Architecture framework which encompasses the entire business.

Relations between ITIL®, IT Security Architecture and Enterprise Architecture

The EA3 Cube Documentation Framework (Bernard, 2005, p. 38) provides an excellent framework for understanding the interactions between ITIL® and ITSA. The EA3 Cube describes an Enterprise Architecture by documenting the current state and future state of an enterprise as well as creating a management plan for change. Here is an image of the EA3 Cube Documentation Framework and the ITIL® V3 Framework:

Looking at the EA3 Cube, we can see how each component interacts when modeling an organization. ITIL® suggests IT Service Management best practices for the Service Lifecycle for Services, Data and Information, Systems and Applications, Networks and Infrastructure and Security/Standards in the EA framework. IT Security Architecture (ITSA) is one of the planning threads in the EA3 Cube framework. IT Security Architecture helps identify issues and the risks that could impact a company and its partners. ITSA also provides a framework for planning and implementing secure business practices. Integrating ITSA and ITIL® enables a business to focus on best practices in security and IT service management to deliver value.

The diagram below represents the relationships between EA, ITIL and ITSA.

EA (S+B+T)
  • Assets (What)
  • Process (How)
  • Location (Where)
  • People (Who)
  • Time (When)
  • Motivation (Why)

ITIL (ITSM)
  • Service Strategy
  • Service Design
  • Service Transition
  • Service Operation
  • Continual Service Improvement

ITSA (CIA)
  • Contextual Security Architecture
  • Conceptual Security Architecture
  • Logical Security Architecture
  • Physical Security Architecture
  • Component Architecture
  • Operational Security Architecture

Interactions of ITIL® and ITSA

This section explores the impacts of ITIL® on ITSA. The table below lists all the ITIL processes by component type - interactions with ITSA are bolded. (Clinch, 2009, pp. 16-17)

Service Strategy        Service Design             Service Transition               Service Operations   Continual Service Improvement
Demand Mgmt             Service Catalogue Mgmt     Knowledge Mgmt                   Incident Mgmt        Service Measurement
Financial Mgmt          Service Level Mgmt         Change Mgmt                      Problem Mgmt         Service Reporting
Strategy Generation     Capacity Mgmt              Asset and Configuration Mgmt     Event Mgmt           Service Improvement
Service Portfolio Mgmt  Availability Mgmt          Release and Deployment Mgmt      Request Fulfillment
                        Service Continuity Mgmt    Transition Planning and Support  Access Mgmt
                        Information Security Mgmt  Service Validation and Testing   Operations Mgmt
                        Supplier Mgmt              Evaluation                       Service Desk
                                                                                    Application Mgmt
                                                                                    Technical Mgmt
                                                                                    IT Operations

Service Strategy

ITIL® defines Service Strategy as “collaboration between business strategists and IT to develop IT service strategies that support the business strategy.” (Kneller, 2010, p. 3) This section of ITIL® only has generalized references to IT security architecture. There is one specific reference in the Service Value section: “Service Warranty: how the service is delivered and its fitness for use, in terms of availability, capacity, continuity and security.” (itSMF Ltd, UK Chapter, 2007, p. 14) The intent is that security is considered a part of the strategy for creating valuable services for the organization.

Service Design

ITIL® defines Service Design as “designing the overarching IT architecture and each IT service to meet customers’ business objectives by being both fit for purpose (utility) and fit for use (warranty).” (Kneller, 2010, p. 4) Availability Management, IT Service Continuity Management and Information Security Management processes in ITIL® all provide guidance for implementing security practices.

  • Availability Management – considers both reactive and proactive activities to ensure services are available for use. IT security architecture provides proactive guidance to protect services as well as responding to security attacks or breaches that compromise a service (e.g. Denial of Service attacks).
  • IT Service Continuity Management – considers ongoing recovery capabilities for services. IT security architecture guides the design of recovery capabilities and infrastructures to ensure that services can be recovered and delivered securely.
  • Information Security Management – is the main ITIL® process for IT security architecture. This process seeks to align IT security with business security and protect the information assets for all services. This process uses the CIA (confidentiality, integrity, availability) model to suggest best practices of IT security in services.

Service Transition

ITIL® defines Service Transition as “managing and controlling changes into the live IT operational environment, including the development and transition of new or changed IT services.” (Kneller, 2010, p. 4) Knowledge Management, Change Management, Asset and Configuration Management, Release and Deployment Management and Service Validation and Testing processes all have IT security architecture components.

  • Knowledge Management – ensures that the correct person has access to the right knowledge, at the correct time to deliver and support business services. This process uses the IT Security Architecture CIA (confidentiality, integrity, availability) model to suggest best practices for information security.
  • Change Management – delivers standard and secure methods to manage change to services. IT security architecture should be integrated with Change Management processes to ensure that the introduction of new configuration items does not increase the risk to the services they support. IT security reviews are also important for reviewing changes to existing services to maintain the agreed upon security levels. IT security architecture must be considered for all levels of change from strategic to tactical to operational. Effective implementation of this process limits unauthorized changes that could create security risks.
  • Asset and Configuration Management – accounts for service assets and configuration items to protect their integrity for the service lifecycle. IT Security architecture integrates with this process especially when considering Data and Information Architecture, Systems and Application Architecture and Networks and Infrastructure Architecture segments. Being able to identify, control and account for corporate information assets protects companies from security breaches, data leakage and information security compliance failures. Creating a Configuration Management System to record and track all configuration items used to deliver services is a key function for security.
  • Release and Deployment Management – ensures that changes are securely released into the production environment that supports business services. Implementing auditing and release controls following IT security best practices aligns this ITIL® process with ITSA. Effective implementation of this process limits unauthorized changes that could create security risks.
  • Service Validation and Testing – provides objective evidence that services are meeting their established service level agreements for functionality, availability, continuity, security and usability. Security audits, including penetration tests, are examples of how ITSA and this ITIL® process interact.

Service Operations

ITIL® defines Service Operations as “delivering and supporting operational IT services in such a way that they meet business needs and expectations and deliver forecasted business benefits.” (Kneller, 2010, p. 4) Incident Management, Problem Management, Event Management and Access Management processes in ITIL® all use guidance from information security practices.

  • Incident Management – restores normal service as quickly as possible so that business impacts are minimized. Incidents can come from any part of the business. When they are IT security related, the IT service desk and security teams initiate an incident response process: identification, containment, eradication and recovery. (Killmeyer, 2006, p. 215) Security incidents can range from external attacks, data breaches (e.g. FIPPA and HIPAA compliance), internal attacks and copyright violations.
  • Problem Management – determines the root causes of incidents, recommends changes to resolve the issue and provides workarounds if a resolution cannot be found. The IT security team takes a lead in this process for security problems. The focus in this process is the eradication of the problem by implementing new security practices and technology. This process initiates the Change Management process when resolutions need to be put into production.
  • Event Management – depends on monitoring of configuration items and services. The process generates notifications about changes and initiates the Incident Management process. This process relates to proactive security monitoring and logging. If a monitored security alert is triggered, the IT service desk and security team initiate the Incident Management process for a security incident.
  • Access Management – provides the access rights for people to use services while blocking non-authorized access. Specifically, this ITIL® process manages privileges using the CIA model (confidentiality, integrity, availability) to protect data and assets. Other IT security practices like auditing and logging access are practiced in this process.

Continual Service Improvement

ITIL® defines Continual Service Improvement as “learning from experience and adopting an approach which ensures continual improvement of IT services.” (Kneller, 2010, p. 4) This component of ITIL® focuses on continual evaluation and improvement of services and value to customers. ITIL® suggests a 7-Step Improvement Process to “collect meaningful data, analyze this data to identify trends and issues, present the information to management for their prioritization and agreement and implement improvements.” (itSMF Ltd, UK Chapter, 2007, p. 36) This approach could be taken to continuously improve IT security architecture practices.

The Continual Service Improvement component of ITIL® only has generalized references to IT security architecture. There is a section that advocates the use of Standards. There is a series of security standards that ITIL® relates to, with the main standards family being ISO/IEC 27000 Information Security Management. Here are some of the related standards that ITIL® leverages: (Clinch, 2009, pp. 18-19)

  • ISO/IEC 27001:2005 Information Security Management Systems – Requirements
  • ISO/IEC 27002:2005 Code of Practice for Information Security Management
  • ISO/IEC 27005:2008 Information Security Risk Management
  • ISO/IEC 27006:2007 Requirements for Bodies Providing Audit and Certification of Information Security Management Systems
  • ISO/IEC 27799:2008 Health Informatics – Information Security Management in Health Using ISO/IEC 27002

Conclusion

Enterprise Architecture models and documents all the parts of an organization, not just the IT components. As such, it provides a guiding framework for understanding the interactions between the various components of an organization, how IT service management is implemented (ITIL®) and how IT security architecture is deployed. Many organizations see IT security as purely an IT function and the result is a failure to adequately implement a holistic approach to securing the business. “If we take to heart ITIL’s message that a service is something that delivers business value by improving customer outcomes, we should be seeking to position ISM (information security management) as a business activity that directly contributes towards the delivery of enhanced business value to customers.” (Clinch, 2009, p. 8)
ITIL® interacts effectively with IT Security Architecture in Service Design, Service Transition and Service Operations and has some influence in Service Strategy and Continual Service Improvement. Here are the ITIL® processes with strong IT security architecture interactions.

Service Design              Service Transition               Service Operations
Availability Mgmt           Knowledge Mgmt                   Incident Mgmt
Service Continuity Mgmt     Change Mgmt                      Problem Mgmt
Information Security Mgmt   Asset and Configuration Mgmt     Event Mgmt
                            Release and Deployment Mgmt      Access Mgmt
                            Service Validation and Testing

ITIL® leverages many of the existing and evolving IT Security standards particularly from the ISO/IEC 27k family. “Awareness and consideration of security risks and issues are background obligations for every step of successful IT Service Management under ITIL®.” (Clinch, 2009, p. 20)

References

Bernard, S. A. (2005). An Introduction to Enterprise Architecture 2nd Edition. Bloomington, IL: AuthorHouse.

Clinch, J. (2009, May). ITIL V3 and Information Security. Retrieved from Best Management Practice: http://www.best-management-practice.com/gempdf/ITILV3_and_Information_Security_White_Paper_May09.pdf

itSMF Ltd, UK Chapter. (2007). An Introductory Overview of ITIL V3. Retrieved from Best Management Practice: http://www.best-management-practice.com/gempdf/itSMF_An_Introductory_Overview_of_ITIL_V3.pdf

Killmeyer, J. (2006). Information Security Architecture 2nd Edition. Boca Raton: Auerbach Publications.

Kneller, M. (2010, Sept). Executive Briefing: The Benefits of ITIL. Retrieved from Best Management Practice: http://www.best-management-practice.com/gempdf/OGC_Executive_Briefing_Benefits_of_ITIL.pdf

SABSA. (2012). SABSA Matrix. Retrieved from SABSA: http://www.sabsa.org/the-sabsa-method/the-sabsa-matrix.aspx

Sherwood, J., Clark, A., & Lynas, D. (2005). Enterprise Security Architecture A Business-Driven Approach. San Francisco: CMP Books.