itSM Solutions®
DITY™ Newsletter
Reprint
This is a reprint of an itSM Solutions® DITY™ Newsletter. Our members receive our weekly DITY Newsletter, and
have access to practical and often entertaining articles in our archives. DITY is the newsletter for IT professionals
who want a workable, practical guide to implementing ITIL best practices -- without the hype.

become a member
(It's Free. Visit http://www.itsmsolutions.com/newsletters/DITY.htm)

Publisher
itSM Solutions™ LLC
31 South Talbert Blvd #295
Lexington, NC 27292
Phone (336) 510-2885
Fax (336) 798-6296
Find us on the web at: http://www.itsmsolutions.com.
To report errors please send a note to the editor, Hank Marquis at hank.marquis@itsmsolutions.com
For information on obtaining copies of this guide contact: sales@itsmsolutions.com
Copyright © 2006 Nichols-Kuhn Group. ITIL Glossaries © Crown Copyright Office of Government Commerce. Reproduced with the
permission of the Controller of HMSO and the Office of Government Commerce.
Notice of Rights / Restricted Rights Legend
All rights reserved. Reproduction or transmittal of this guide or any portion thereof by any means whatsoever without prior written permission of
the Publisher is prohibited. All itSM Solutions products are licensed in accordance with the terms and conditions of the itSM Solutions Partner
License. No title or ownership of this guide, any portion thereof, or its contents is transferred, and any use of the guide or any portion thereof
beyond the terms of the previously mentioned license, without written authorization of the Publisher, is prohibited.
Notice of Liability
This guide is distributed "As Is," without warranty of any kind, either express or implied, respecting the content of this guide, including but not
limited to implied warranties for the guide's quality, performance, merchantability, or fitness for any particular purpose. Neither the authors, nor
itSM Solutions LLC, its dealers or distributors shall be liable with respect to any liability, loss or damage caused or alleged to have been caused
directly or indirectly by the contents of this guide.
Trademarks
itSM Solutions is a trademark of itSM Solutions LLC. Do IT Yourself™ and DITY™ are trademarks of Nichols-Kuhn Group. ITIL ® is a
Registered Trade Mark, and a Registered Community Trade Mark of the Office of Government Commerce, and is registered in the U.S. Patent
and Trademark Office, and is used here by itSM Solutions LLC under license from and with the permission of OGC (Trade Mark License No.
0002). IT Infrastructure Library ® is a Registered Trade Mark of the Office of Government Commerce and is used here by itSM Solutions LLC
under license from and with the permission of OGC (Trade Mark License No. 0002). Other product names mentioned in this guide may be
trademarks or registered trademarks of their respective companies.
11 Ways ITIL Improves Security

DITY Weekly Reader, Vol. 2.37, September 20, 2006
The workable, practical guide to Do IT Yourself

ITIL improves security governance. ITIL makes security easier and
more controlled, thus making it easier to comply with regulations like
Sarbanes-Oxley, HIPAA, FISMA, GLBA, NIST 800-53/FIPS200, FFIEC,
and others.

http://www.itsmsolutions.com/newsletters/DITYvol2iss37.htm (1 of 4)9/19/2006 10:25:19 AM
By Hank Marquis

The IT Infrastructure Library® (ITIL®) is best practice. We all know ITIL
describes what to do, not how to do it. The descriptive nature of ITIL leads
many to wonder what benefits ITIL delivers, if any.
However, without too much thought, anyone familiar with a particular industry
or IT segment can soon understand how ITIL best practices can assist virtually
any operational aspect of IT.


Let's examine security as an example. How can ITIL best practices help with the
day-to-day workings of security?

ITIL has a dedicated book on Security Management, and weaves security through the
Service Support and Service Delivery books. ITIL focuses on the process of
implementing the security requirements identified in Service Level Agreements.
However, as always, ITIL is descriptive and not prescriptive. Below I show at least 11
ways ITIL can improve or assist security, and give you a 9-step plan for improving security
using ITIL.

Security and ITIL
ITIL describes a Security Management function (e.g., a group, like Service Desk) that interfaces
with other ITIL processes regarding security issues. These issues relate predominantly to the
Confidentiality, Integrity and Availability of data, as well as the security of hardware and software
components, documentation and procedures.
Virtually every organization faces some form of oversight and regulation. We have all heard of
Sarbanes-Oxley, but there are many more: HIPAA, FISMA, GLBA, NIST 800-53/FIPS 200, FFIEC,
control frameworks such as COBIT, and others.
There are at least five areas to consider when thinking about security and ITIL:
1. The process of security management
2. The relationships between security and the other ITIL processes
3. External relationships as defined in Underpinning Contracts (UCs)
4. Customer-facing requirements as defined in Service Level Agreements (SLAs)
5. Internal relationships between functional organizations as defined in Operational
Level Agreements (OLAs)

Here are some easy ways the best practices in ITIL can improve how IT organizations implement
and manage information security in response to regulations.
1. Security requires audits, and regardless of the regulatory environment, IT must
support audits. Audits require documentation, process control, and clear roles,
responsibilities, and authorities. ITIL process descriptions provide the basis
for sound audits.
2. Security requires control over assets. To control assets you must know what you
have, where it is located, and who can access it. This basis comes directly from
ITIL Configuration Management.
3. Most regulation, including HIPAA and SOX, requires analysis and
documentation of changes made to IT systems. Change Management is where those
controls live: it can perform risk analysis, business impact analysis, and security
analysis of each change from a centralized perspective.
4. Security management requires an incident category specifically for security-
related incidents. The ITIL Incident Management process provides the control
and flexibility required to manage security incidents quickly and efficiently
without a duplicate organization.
5. Security incidents require review by security management. Having a single
point of contact for all matters relating to IT, the ITIL Service Desk, provides
a single reporting source for all Incidents, including those pertaining to security.
6. ITIL focuses security where needed based on business requirements, not
technology. This is important since most security operations today do what they
feel is best for the business instead of just what the business required. This "gold
plating" carries a high cost and keeps IT from being seen by the business as a
partner.
7. Since ITIL is all about organizational best practices, the security management
process itself can operate in a process-driven, methodical manner. This is
absolutely critical to success with security.
8. ITIL requires continuous review, audit, and reporting of process activities.
Security requires continuous reviews to remain vigilant.
9. Availability Management describes a centralized engineering and architecture
function that always takes into account the Confidentiality, Integrity, and
Availability (CIA) of data.
10. The Service Level Management process sets up, monitors, reports on, and
administers agreements with customers (SLAs), suppliers (UCs), and other IT
functional departments (OLAs). These contracts and agreements all require
security sections.
11. Establish a link between Problem Management and security alert channels.
Relevant security issues should be documented and added to the knowledge base
for use by Incident Management and the Service Desk as well as other IT
functional groups.

Summary
ITIL best practices help deliver real security improvements, as well as establishing the controls
required for meeting legislative and regulatory requirements.
Here is a simple 9-step plan for improving security using ITIL:
1. Work with customers and the business to understand and document security
requirements. It is very important that you take your lead from the business.
2. Review with senior IT leaders to ensure all relevant legislative,
industry, and corporate regulations have been considered.
3. Work with the other ITIL process managers to validate their ability to support the
customer (#1 above) and corporate (#2 above) security requirements identified.
4. Negotiate a Service Level Agreement (SLA) that includes a security section. As
always, keep it in business terms, and make sure it is measurable.
5. Based on the SLA(s), create and implement Operational Level Agreements
(OLAs) between related technical or functional departments or groups. Each
OLA requires a security section that clearly spells out, for example, how
security incidents will be handled.
6. Review all Underpinning Contracts (UCs) for security as well. They should all
include a security section, for example defining access to customer information
and data confidentiality.
7. Update the UCs, define and implement the OLAs, then publish the SLA.
8. Report on security as you would report on capacity, availability, or changes.
9. Iterate the security sections as requirements change.


Entire Contents © 2006 itSM Solutions LLC. All Rights Reserved.

http://www.itsmsolutions.com/newsletters/DITYvol2iss37.htm (4 of 4)9/19/2006 10:25:19 AM

Contenu connexe

Tendances

Security solutions for a smarter planet
Security solutions for a smarter planetSecurity solutions for a smarter planet
Security solutions for a smarter planetVincent Kwon
 
Microsoft Core Infrastructure Overview
Microsoft Core Infrastructure OverviewMicrosoft Core Infrastructure Overview
Microsoft Core Infrastructure Overviewjessiethe3rd
 
Security Alert - Expert Uncovers the "Dirty Little Secret" of IBM i Security
Security Alert - Expert Uncovers the "Dirty Little Secret" of IBM i SecuritySecurity Alert - Expert Uncovers the "Dirty Little Secret" of IBM i Security
Security Alert - Expert Uncovers the "Dirty Little Secret" of IBM i SecurityHelpSystems
 
[null] Iso 27001 a business view by Sripathi
[null] Iso 27001   a business view by Sripathi[null] Iso 27001   a business view by Sripathi
[null] Iso 27001 a business view by SripathiPrajwal Panchmahalkar
 
Automatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security StandardsAutomatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security Standardsautomatskicorporation
 
ISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness TrainingISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness Traininghimalya sharma
 
Making Executives Accountable for IT Security
Making Executives Accountable for IT SecurityMaking Executives Accountable for IT Security
Making Executives Accountable for IT SecuritySeccuris Inc.
 
Microsoft Core Infratructure
Microsoft Core InfratructureMicrosoft Core Infratructure
Microsoft Core Infratructureirvin1969
 
Security architecture analyses brief 21 april 2015
Security architecture analyses brief 21 april 2015Security architecture analyses brief 21 april 2015
Security architecture analyses brief 21 april 2015Bill Ross
 
New COBIT 5 Framework: Master the skills to review Implementation - By Compli...
New COBIT 5 Framework: Master the skills to review Implementation - By Compli...New COBIT 5 Framework: Master the skills to review Implementation - By Compli...
New COBIT 5 Framework: Master the skills to review Implementation - By Compli...Compliance Global Inc
 
Security architecture
Security architectureSecurity architecture
Security architectureDuncan Unwin
 
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...DFLABS SRL
 
Prinya acis slide for swpark - it & information security human resource deve...
Prinya acis slide for swpark  - it & information security human resource deve...Prinya acis slide for swpark  - it & information security human resource deve...
Prinya acis slide for swpark - it & information security human resource deve...TISA
 
The CISO in 2020: Prepare for the Unexpected
The CISO in 2020: Prepare for the UnexpectedThe CISO in 2020: Prepare for the Unexpected
The CISO in 2020: Prepare for the UnexpectedIBM Security
 
Why ISO-27001 is a better choice?
Why ISO-27001 is a better choice? Why ISO-27001 is a better choice?
Why ISO-27001 is a better choice? Patten John
 

Tendances (19)

ACFN vISO eBook
ACFN vISO eBookACFN vISO eBook
ACFN vISO eBook
 
Oasys Stonesoft Aligned with ITIL
Oasys Stonesoft Aligned with ITILOasys Stonesoft Aligned with ITIL
Oasys Stonesoft Aligned with ITIL
 
Security solutions for a smarter planet
Security solutions for a smarter planetSecurity solutions for a smarter planet
Security solutions for a smarter planet
 
Dit yvol2iss30
Dit yvol2iss30Dit yvol2iss30
Dit yvol2iss30
 
Microsoft Core Infrastructure Overview
Microsoft Core Infrastructure OverviewMicrosoft Core Infrastructure Overview
Microsoft Core Infrastructure Overview
 
Security Alert - Expert Uncovers the "Dirty Little Secret" of IBM i Security
Security Alert - Expert Uncovers the "Dirty Little Secret" of IBM i SecuritySecurity Alert - Expert Uncovers the "Dirty Little Secret" of IBM i Security
Security Alert - Expert Uncovers the "Dirty Little Secret" of IBM i Security
 
[null] Iso 27001 a business view by Sripathi
[null] Iso 27001   a business view by Sripathi[null] Iso 27001   a business view by Sripathi
[null] Iso 27001 a business view by Sripathi
 
CyberSecurity_for_the_IoT
CyberSecurity_for_the_IoTCyberSecurity_for_the_IoT
CyberSecurity_for_the_IoT
 
Automatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security StandardsAutomatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security Standards
 
ISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness TrainingISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness Training
 
Making Executives Accountable for IT Security
Making Executives Accountable for IT SecurityMaking Executives Accountable for IT Security
Making Executives Accountable for IT Security
 
Microsoft Core Infratructure
Microsoft Core InfratructureMicrosoft Core Infratructure
Microsoft Core Infratructure
 
Security architecture analyses brief 21 april 2015
Security architecture analyses brief 21 april 2015Security architecture analyses brief 21 april 2015
Security architecture analyses brief 21 april 2015
 
New COBIT 5 Framework: Master the skills to review Implementation - By Compli...
New COBIT 5 Framework: Master the skills to review Implementation - By Compli...New COBIT 5 Framework: Master the skills to review Implementation - By Compli...
New COBIT 5 Framework: Master the skills to review Implementation - By Compli...
 
Security architecture
Security architectureSecurity architecture
Security architecture
 
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
 
Prinya acis slide for swpark - it & information security human resource deve...
Prinya acis slide for swpark  - it & information security human resource deve...Prinya acis slide for swpark  - it & information security human resource deve...
Prinya acis slide for swpark - it & information security human resource deve...
 
The CISO in 2020: Prepare for the Unexpected
The CISO in 2020: Prepare for the UnexpectedThe CISO in 2020: Prepare for the Unexpected
The CISO in 2020: Prepare for the Unexpected
 
Why ISO-27001 is a better choice?
Why ISO-27001 is a better choice? Why ISO-27001 is a better choice?
Why ISO-27001 is a better choice?
 

En vedette (9)

Dit yvol2iss13
Dit yvol2iss13Dit yvol2iss13
Dit yvol2iss13
 
Dit yvol1iss7
Dit yvol1iss7Dit yvol1iss7
Dit yvol1iss7
 
Dit yvol4iss04
Dit yvol4iss04Dit yvol4iss04
Dit yvol4iss04
 
Dit yvol5iss31
Dit yvol5iss31Dit yvol5iss31
Dit yvol5iss31
 
Dit yvol2iss18
Dit yvol2iss18Dit yvol2iss18
Dit yvol2iss18
 
Dit yvol4iss03
Dit yvol4iss03Dit yvol4iss03
Dit yvol4iss03
 
Dit yvol5iss28
Dit yvol5iss28Dit yvol5iss28
Dit yvol5iss28
 
Dit yvol3iss38
Dit yvol3iss38Dit yvol3iss38
Dit yvol3iss38
 
Dit yvol5iss23
Dit yvol5iss23Dit yvol5iss23
Dit yvol5iss23
 

Similaire à Dit yvol2iss37

Similaire à Dit yvol2iss37 (20)

Dit yvol2iss14
Dit yvol2iss14Dit yvol2iss14
Dit yvol2iss14
 
Dit yvol2iss12
Dit yvol2iss12Dit yvol2iss12
Dit yvol2iss12
 
Dit yvol2iss48
Dit yvol2iss48Dit yvol2iss48
Dit yvol2iss48
 
Dit yvol3iss9
Dit yvol3iss9Dit yvol3iss9
Dit yvol3iss9
 
ITIL Service Desk
ITIL Service DeskITIL Service Desk
ITIL Service Desk
 
Dit yvol1iss4
Dit yvol1iss4Dit yvol1iss4
Dit yvol1iss4
 
Dit yvol2iss28
Dit yvol2iss28Dit yvol2iss28
Dit yvol2iss28
 
Dit yvol2iss11
Dit yvol2iss11Dit yvol2iss11
Dit yvol2iss11
 
Itil,cobit and ıso27001
Itil,cobit and ıso27001Itil,cobit and ıso27001
Itil,cobit and ıso27001
 
Itil 2
Itil 2Itil 2
Itil 2
 
Dit yvol2iss22
Dit yvol2iss22Dit yvol2iss22
Dit yvol2iss22
 
ITIL continual service improvement
ITIL continual service improvementITIL continual service improvement
ITIL continual service improvement
 
Dit yvol2iss50
Dit yvol2iss50Dit yvol2iss50
Dit yvol2iss50
 
CobiT And ITIL Breakfast Seminar
CobiT And ITIL Breakfast SeminarCobiT And ITIL Breakfast Seminar
CobiT And ITIL Breakfast Seminar
 
Dit yvol3iss12
Dit yvol3iss12Dit yvol3iss12
Dit yvol3iss12
 
Dit yvol2iss44
Dit yvol2iss44Dit yvol2iss44
Dit yvol2iss44
 
Dit yvol2iss3
Dit yvol2iss3Dit yvol2iss3
Dit yvol2iss3
 
ITIL With Information Security
ITIL With Information SecurityITIL With Information Security
ITIL With Information Security
 
201306 CIO NET The Value of IT Frameworks
201306 CIO NET The Value of IT Frameworks201306 CIO NET The Value of IT Frameworks
201306 CIO NET The Value of IT Frameworks
 
Dit yvol1iss2
Dit yvol1iss2Dit yvol1iss2
Dit yvol1iss2
 

Plus de Rick Lemieux

Plus de Rick Lemieux (20)

IT Service Management (ITSM) Model for Business & IT Alignement
IT Service Management (ITSM) Model for Business & IT AlignementIT Service Management (ITSM) Model for Business & IT Alignement
IT Service Management (ITSM) Model for Business & IT Alignement
 
Dit yvol5iss41
Dit yvol5iss41Dit yvol5iss41
Dit yvol5iss41
 
Dit yvol5iss40
Dit yvol5iss40Dit yvol5iss40
Dit yvol5iss40
 
Dit yvol5iss38
Dit yvol5iss38Dit yvol5iss38
Dit yvol5iss38
 
Dit yvol5iss37
Dit yvol5iss37Dit yvol5iss37
Dit yvol5iss37
 
Dit yvol5iss36
Dit yvol5iss36Dit yvol5iss36
Dit yvol5iss36
 
Dit yvol5iss35
Dit yvol5iss35Dit yvol5iss35
Dit yvol5iss35
 
Dit yvol5iss34
Dit yvol5iss34Dit yvol5iss34
Dit yvol5iss34
 
Dit yvol5iss33
Dit yvol5iss33Dit yvol5iss33
Dit yvol5iss33
 
Dit yvol5iss32
Dit yvol5iss32Dit yvol5iss32
Dit yvol5iss32
 
Dit yvol5iss30
Dit yvol5iss30Dit yvol5iss30
Dit yvol5iss30
 
Dit yvol5iss29
Dit yvol5iss29Dit yvol5iss29
Dit yvol5iss29
 
Dit yvol5iss26
Dit yvol5iss26Dit yvol5iss26
Dit yvol5iss26
 
Dit yvol5iss25
Dit yvol5iss25Dit yvol5iss25
Dit yvol5iss25
 
Dit yvol5iss24
Dit yvol5iss24Dit yvol5iss24
Dit yvol5iss24
 
Dit yvol5iss22
Dit yvol5iss22Dit yvol5iss22
Dit yvol5iss22
 
Dit yvol5iss21
Dit yvol5iss21Dit yvol5iss21
Dit yvol5iss21
 
Dit yvol5iss20
Dit yvol5iss20Dit yvol5iss20
Dit yvol5iss20
 
Dit yvol5iss19
Dit yvol5iss19Dit yvol5iss19
Dit yvol5iss19
 
Dit yvol5iss17
Dit yvol5iss17Dit yvol5iss17
Dit yvol5iss17
 

Dernier

DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 

Dernier (20)

DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 

Dit yvol2iss37

  • 1. itSM Solutions® DITY™ Newsletter Reprint This is a reprint of an itSM Solutions® DITY™ Newsletter. Our members receive our weekly DITY Newsletter, and have access to practical and often entertaining articles in our archives. DITY is the newsletter for IT professionals who want a workable, practical guide to implementing ITIL best practices -- without the hype. become a member (It's Free. Visit http://www.itsmsolutions.com/newsletters/DITY.htm) Publisher itSM Solutions™ LLC 31 South Talbert Blvd #295 Lexington, NC 27292 Phone (336) 510-2885 Fax (336) 798-6296 Find us on the web at: http://www.itsmsolutions.com. To report errors please send a note to the editor, Hank Marquis at hank.marquis@itsmsolutions.com For information on obtaining copies of this guide contact: sales@itsmsolutions.com Copyright © 2006 Nichols-Kuhn Group. ITIL Glossaries © Crown Copyright Office of Government Commerce. Reproduced with the permission of the Controller of HMSO and the Office of Government Commerce. Notice of Rights / Restricted Rights Legend All rights reserved. Reproduction or transmittal of this guide or any portion thereof by any means whatsoever without prior written permission of the Publisher is prohibited. All itSM Solutions products are licensed in accordance with the terms and conditions of the itSM Solutions Partner License. No title or ownership of this guide, any portion thereof, or its contents is transferred, and any use of the guide or any portion thereof beyond the terms of the previously mentioned license, without written authorization of the Publisher, is prohibited. Notice of Liability This guide is distributed "As Is," without warranty of any kind, either express or implied, respecting the content of this guide, including but not limited to implied warranties for the guide's quality, performance, merchantability, or fitness for any particular purpose. 
Neither the authors, nor itSM Solutions LLC, its dealers or distributors shall be liable with respect to any liability, loss or damage caused or alleged to have been caused directly or indirectly by the contents of this guide. Trademarks itSM Solutions is a trademark of itSM Solutions LLC. Do IT Yourself™ and DITY™ are trademarks of Nichols-Kuhn Group. ITIL ® is a Registered Trade Mark, and a Registered Community Trade Mark of the Office of Government Commerce, and is registered in the U.S. Patent and Trademark Office, and is used here by itSM Solutions LLC under license from and with the permission of OGC (Trade Mark License No. 0002). IT Infrastructure Library ® is a Registered Trade Mark of the Office of Government Commerce and is used here by itSM Solutions LLC under license from and with the permission of OGC (Trade Mark License No. 0002). Other product names mentioned in this guide may be trademarks or registered trademarks of their respective companies.
DITY Weekly Reader, Vol. 2.37, September 20, 2006
The workable, practical guide to Do IT Yourself

"11 Ways ITIL Improves Security"

ITIL improves security governance. ITIL makes security easier and more controlled, thus making it easier to comply with regulations like Sarbanes-Oxley, HIPAA, FISMA, GLBA, NIST SP 800-53/FIPS 200, FFIEC, and others.

Source: http://www.itsmsolutions.com/newsletters/DITYvol2iss37.htm (printed 9/19/2006 10:25:19 AM)
11 Ways ITIL Improves Security
By Hank Marquis

The IT Infrastructure Library® (ITIL®) is best practice. We all know ITIL describes what to do, not how to do it. The descriptive nature of ITIL leads many to wonder what benefits ITIL delivers, if any. However, without too much thought, anyone familiar with a particular industry or IT segment can soon understand how ITIL best practices can assist virtually any operational aspect of IT.

Let's examine security, for example. How can ITIL best practices help with the day-to-day workings of security? ITIL has a dedicated book for security (Security Management), and weaves security through the Service Support and Service Delivery books as well. ITIL focuses on the process of implementing the security requirements identified in Service Level Agreements. However, as always, ITIL is descriptive and not prescriptive. Below I show at least 11 ways ITIL can improve or assist security, and give you a 9-step plan for improving security using ITIL.

Security and ITIL

ITIL describes a Security Management function (that is, a group, like the Service Desk) that interfaces with the other ITIL processes on security issues. These issues relate predominantly to the Confidentiality, Integrity and Availability of data, as well as the security of hardware and software components, documentation and procedures.

Virtually every organization faces some form of oversight and regulation. We have all heard of Sarbanes-Oxley, but there are many, many more: HIPAA, FISMA, GLBA, FFIEC, NIST SP 800-53/FIPS 200, control frameworks such as COBIT, and others. There are at least five areas to consider when thinking about security and ITIL:

1. The process of security management
2. The relationships between security and the other ITIL processes
3. External relationships, as defined in Underpinning Contracts (UCs)
4. Customer-facing requirements, as defined in Service Level Agreements (SLAs)
5. Internal relationships between functional organizations, as defined in Operational Level Agreements (OLAs)

Here are some easy ways the best practices in ITIL can improve how IT organizations implement and manage information security in response to regulations.

1. Security requires audits, and regardless of the regulatory environment, IT must support audits. Audits require documentation, process control, and clear roles, responsibilities, and authorities. ITIL process descriptions provide the basis for sound audits.
2. Security requires control over assets. To control assets you must know what you have, where it is located, and who can access it. This basis comes directly from ITIL Configuration Management.
3. Most regulation, including HIPAA and SOX, requires analysis and documentation of changes made to IT systems. Change Management is where those checks belong: it can perform risk analysis, business impact analysis, and security analysis from a centralized perspective.
4. Security management requires an incident category specifically for security-related incidents. The ITIL Incident Management process provides the control and flexibility required to manage security incidents quickly and efficiently without a duplicate organization. Security incidents require review by security management.
5. Having a single point of contact for all matters relating to IT, the ITIL Service Desk, provides a single reporting source for all incidents, including those pertaining to security.
6. ITIL focuses security where it is needed based on business requirements, not technology. This is important, since most security operations today do what they feel is best for the business instead of just what the business requires. This "gold plating" carries a high cost and keeps IT from being seen by the business as a partner.
7. Since ITIL is all about organizational best practices, the security management process itself can operate in a process-driven, methodical manner. This is absolutely critical to success with security.
8. ITIL requires continuous review, audit, and reporting of process activities. Security requires continuous review to remain vigilant.
9. Availability Management describes a centralized engineering and architecture approach that always takes into account the Confidentiality, Integrity, and Availability of data (CIA).
10. The Service Level Management process sets up, monitors, reports on, and administers agreements with customers (SLAs), suppliers (UCs), and other IT functional departments (OLAs). These contracts and agreements all require security sections.
11. Establish a link between Problem Management and security alert channels. Relevant security issues should be documented and added to the knowledge base for use by Incident Management and the Service Desk, as well as other IT functional groups.

Summary

ITIL best practices help deliver real security improvements, as well as establishing the controls required for meeting legislative and regulatory requirements. Here is a simple 9-step plan for improving security using ITIL:

1. Work with customers and the business to understand and document security requirements. It is very important that you take your lead from the business.
2. Review with senior IT leaders to ensure that all relevant legislative, industry, and corporate regulations have been reviewed.
3. Work with the other ITIL process managers to validate their ability to support the customer (#1 above) and corporate (#2 above) security requirements identified.
4. Negotiate a Service Level Agreement (SLA) that includes a security section. As always, keep it in business terms, and make sure it is measurable.
5. Based on the SLA(s), create and implement Operational Level Agreements (OLAs) between the related technical or functional departments or groups. Each OLA requires a security section that clearly spells out and defines how, for example, security incidents will be handled.
6. Review all Underpinning Contracts (UCs) for security as well. They should all include a security section, for example defining access to customer information and data confidentiality.
7. Update the UCs, define and implement the OLAs, then publish the SLA.
8. Report on security as you would report on capacity, availability, or changes.
9. Iterate the security sections as required.

Entire Contents © 2006 itSM Solutions LLC. All Rights Reserved.
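Steps 4 and 8 of the plan ask for a security section that is measurable and for security to be reported the way capacity or availability is reported, and item 4 of the list asks for a dedicated security incident category. The script below is an added illustration of what that looks like in practice; it is not code from the newsletter or from itSM Solutions. The category names, the response and resolution targets, the ticket identifiers and the incident records are all constructed assumptions. It scores each security incident against its category's targets, treats an open ticket as compliant only while its clock has not yet run out, and flags security incidents logged under a category the SLA does not cover so they get reviewed rather than silently dropped from the report.

```python
"""Security SLA compliance report.

Added example, not code from the DITY newsletter. The SLA targets, category
names and incident records below are constructed assumptions chosen to show the
technique, not data from the article or from any real service desk.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Item 4: security incidents live under a dedicated incident category.
# Everything the Service Desk logs under this prefix is in scope for the report.
SECURITY_PREFIX = "security/"

# Step 4: a security section written in business terms and measurable.
# Hypothetical targets, e.g. "respond to a malware incident within 30 minutes
# and resolve it within 4 hours".
SLA_TARGETS: Dict[str, Dict[str, timedelta]] = {
    "security/malware": {"respond": timedelta(minutes=30), "resolve": timedelta(hours=4)},
    "security/unauthorised-access": {"respond": timedelta(minutes=15), "resolve": timedelta(hours=2)},
    "security/policy-violation": {"respond": timedelta(hours=4), "resolve": timedelta(days=2)},
}


@dataclass
class Incident:
    ticket: str
    category: str
    logged: datetime
    responded: Optional[datetime] = None  # None: nobody has picked it up yet
    resolved: Optional[datetime] = None   # None: still open


@dataclass
class CategoryReport:
    total: int = 0
    responded_in_target: int = 0
    resolved_in_target: int = 0
    breaches: List[str] = field(default_factory=list)


def _within_target(logged: datetime, done: Optional[datetime],
                   target: timedelta, now: datetime) -> bool:
    """A completed step is judged on its actual duration. An open step is still
    compliant while the clock has not run out and a breach once it has, so open
    tickets are never silently counted as successes."""
    if done is not None:
        return done - logged <= target
    return now - logged <= target


def compliance_report(incidents: List[Incident],
                      targets: Dict[str, Dict[str, timedelta]],
                      now: datetime) -> Tuple[Dict[str, CategoryReport], List[str]]:
    """Score every security incident against its category's targets.

    Returns the per-category report plus the tickets logged under a security
    category the SLA has no target for; those need review (a new SLA category
    or a recategorisation), not silent exclusion from the numbers."""
    report: Dict[str, CategoryReport] = {}
    unmapped: List[str] = []
    for inc in incidents:
        if not inc.category.startswith(SECURITY_PREFIX):
            continue  # ordinary incident, reported elsewhere
        if inc.category not in targets:
            unmapped.append(inc.ticket)
            continue
        cat = report.setdefault(inc.category, CategoryReport())
        cat.total += 1
        target = targets[inc.category]
        if _within_target(inc.logged, inc.responded, target["respond"], now):
            cat.responded_in_target += 1
        else:
            cat.breaches.append(f"{inc.ticket}: response")
        if _within_target(inc.logged, inc.resolved, target["resolve"], now):
            cat.resolved_in_target += 1
        else:
            cat.breaches.append(f"{inc.ticket}: resolution")
    return report, unmapped


def percent(part: int, total: int) -> float:
    """Compliance percentage; an empty category is trivially 100% compliant."""
    return round(100.0 * part / total, 1) if total else 100.0


# Constructed sample: one reporting day on a fictional service desk.
NOW = datetime(2006, 9, 19, 12, 0)


def sample_incidents() -> List[Incident]:
    def at(hour: int, minute: int = 0) -> datetime:
        return datetime(2006, 9, 19, hour, minute)
    return [
        Incident("INC001", "security/malware", at(8), at(8, 20), at(11)),             # both targets met
        Incident("INC002", "security/malware", at(9), at(9, 45)),                     # slow response; open, resolution clock still running
        Incident("INC003", "security/unauthorised-access", at(10), at(10, 10), at(11)),
        Incident("INC004", "security/unauthorised-access", at(9)),                    # untouched for 3 hours: both breached
        Incident("INC005", "hardware/printer", at(9, 30), at(9, 40)),                 # not a security incident
        Incident("INC006", "security/phishing", at(11)),                              # security, but no SLA target exists
    ]


if __name__ == "__main__":
    report, unmapped = compliance_report(sample_incidents(), SLA_TARGETS, NOW)
    for category, r in sorted(report.items()):
        print(f"{category}: {r.total} incidents, response {percent(r.responded_in_target, r.total)}% "
              f"in target, resolution {percent(r.resolved_in_target, r.total)}% in target")
        for b in r.breaches:
            print(f"  breach {b}")
    if unmapped:
        print("security incidents with no SLA target, review needed:", ", ".join(unmapped))
```

Two design choices matter for the report being honest. An open ticket counts against the target as soon as its clock has expired, so a backlog of ignored security incidents cannot show up as 100% compliance; and a security incident logged under a category the SLA does not name is surfaced separately rather than dropped, which is exactly the signal step 9 needs to decide whether the security section must be iterated.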