ITIL Security Management Activities

Let us take some time to explain what some of the activities we mentioned earlier are. There are various activities. Some of these activities include control, plan, implementation, and evaluation.

Security Management Control

This is the first activity in the Security Management Process, it can also be known as a sub-process. The control activity is designed to organize and manage the Security Management Process. It also defines the processes, the distribution of responsibility, the police statements, and the management framework.

The Security Management framework is used to define the sub-processes for the expansion of security plans, the implementation of the security plans, and the evaluation and how the out come of the evaluation is translated into action plans. The framework management also defines what should be reported to the client.

Security Management Plan

The plan activity or sub-process contains activities that leas to the Security area in the SLA when cooperating with the Service Level Management. Moreover, the plan sub-process includes the actions that are related to the supporting contracts that are specific for security.

With the plan sub-process the goals that are formed in the SLA are identified in the form of Operational Level Agreements or OLAs. OLA’s can be defined as security plans for a particular internal organization unit of the service supplier.

Aside from the input of the SLA, the plan sub-process works with the policy statements of the service supplier as well. When we discussed control we mentioned that these statements are defined in that processes, that still applies in this activity as well.

Now the Operational Level Agreements for the information security should be setup and implemented with the techniques basses on the ITIL process. What exactly does this mean? Well this means that there has to be some type of cooperation with the other ITIL process.

Security Management Evaluation

The evaluation of the implementation and the plans happens to be a very important part. Evaluating is always needed in order to measure the level of success of the implementation and the security plans. The Evaluation is also important for the client and even the third parties.

Results of the Evaluation are then used to maintain the agreed upon measures and the implementation. These results can lead to new requirements and this can lead to a change. The request for change is defined and it is sent to the Change Management Process.

There are three main types of evaluation, one is self assessment, another is internal audit, and the third is external audit.

Self assessment is carried out in the organization of the processes, the internal audit is carried out by the internal information technology auditors, and finally the external audit is carried out by the external or independent information technology auditors.

There is another variance of evaluation as well, this is based on the communicated security incidents, and this will also be performed. The most important activities for this type of evaluation are the security monitoring of the IT systems, verification of compiled security legislation and implementation of the security plans, and trace and react to any undesirable use of the IT Supplies.

Conclusion

We can no look at this framework with a new found respect. It is very obviously a complicated and intricate design that can easily be adapted by any organization. I personally can see a great benefit to putting such a well developed structure to work for any business.

Security of the information within an organization is a very big issue in our more technical day, this method of management is undeniably genius and can be used to keep all information secure, complete, and in place until it is needed.