According to BS 7799, Information Security refers to maintaining:

• Confidentiality - Information is accessible only to those authorized.
• Integrity - Safeguarding the accuracy and completeness of information.
• Availability - Authorised users have access to information when required.

• To ensure that it complies with the external requirements (legislation, SLAs, etc.)
• To create a secure environment regardless of the external requirements
• Vital Business Information is kept secure

Security Management Function Overview

Mission Statement: To prevent the occurrence of security-related incidents by managing the confidentiality, integrity and availability of IT services and data in line with business requirements at acceptable cost.

Function Goal: Prevent security-related incidents by establishing:

Achieve the function mission by implementing:

• ITIL-aligned Security Management function
• Dedicated Security Management Function Owner
• Holistic management view of security considering people, process and physical items as well as technical items
• Centralized function for managing security and establishing security-related policies
• Ongoing monitoring and reporting of security
• Proactive actions to prevent security-related incidents
• Periodic auditing of security practices to continually improve overall security functions and controls
• Effective security controls that are in line with business and regulatory requirements at acceptable cost levels

Critical Success Factors (CSFs): The Critical Success Factors (CSFs) are:

• Managing Confidentiality, Integrity and Availability of IT Services and Data
• Providing Security Cost Effectively
• Proactively Addressing Security Improvements Where Needed

Key Activities: The key activities for this function are:

• Plan for Security Management in line with service and policy requirements
• Coordinate implementation of Security Management people, process and technologies
• Execute Security Management control activities
• Evaluate and audit the Security Management supporting infrastructure
• Maintain Security Management people, processes and technical infrastructure
• Provide management information about Security Management quality and operations

Key Performance Indicators (KPIs): Examples of Key Process Performance Indicators (KPIs) are shown in the list below. Each one is mapped to a Critical Success Factor (CSF).

Managing the Confidentiality, Integrity and Availability of IT Services and Data
• Number of incidents caused by internal security failures
• Number of incidents caused by external security failures
• Number of security audit and testing failures

Providing Security Cost Effectively
• Percentage of delivery cost per customer related to security management activities
• Percentage of delivery cost per customer related to security measures implemented

Proactively Addressing Security Improvements Where Needed
• Number of Security Improvement Initiatives in place
• Number of Security Improvement Initiatives completed on time
• Number of Security Improvement Initiatives not yet staffed/started
• Number of Security incidents related to non-current security maintenance