{"id":71,"date":"2004-12-22T00:00:00","date_gmt":"2004-12-22T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2004\/12\/22\/how-itil-can-improve-information-security\/"},"modified":"2021-12-30T11:36:27","modified_gmt":"2021-12-30T11:36:27","slug":"how-itil-can-improve-information-security","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2004\/12\/22\/how-itil-can-improve-information-security\/","title":{"rendered":"How ITIL Can Improve Information Security"},"content":{"rendered":"<p>ITIL &#8211; the Information Technology Infrastructure Library &#8211; is a set of best practices and guidelines that define an integrated, process-based approach for managing information technology services.  This article will provide a general overview of ITIL and discuss how ITIL can improve how organizations implement and manage information security.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>ITIL can be applied across almost every type of IT environment.  Interest in and adoption of ITIL have been steadily increasing throughout the world; the numerous public and private organizations that have adopted it include Procter &#038; Gamble, Washington Mutual, Southwest Airlines, Hershey Foods, and the Internal Revenue Service.  In addition to the often-touted benefits of ITIL &#8211; aligning IT with the needs of the business, improving service quality, decreasing the costs of IT service delivery and support &#8211; the framework can aid the information security professional both directly (there is a specific Security Management process) and indirectly.<\/p>\n<p>Configuration Management: Best practices for controlling production configurations (for example, standardization, status monitoring, asset identification).  
Incident Management: Best practices for resolving incidents (any event that causes an interruption to, or a reduction in, the quality of an IT service) and quickly restoring IT services.  These practices ensure that normal service is restored as quickly as possible after an incident occurs.  These practices seek to proactively prevent incidents and problems.<\/p>\n<p>Change Management: Best practices for standardizing and authorizing the controlled implementation of IT changes.  These practices ensure that changes are implemented with minimum adverse impact on IT services, and that they are traceable.<\/p>\n<p>Financial Management: Best practices for understanding and managing the cost of providing IT services (for example, budgeting, IT accounting, charging).  These practices ensure that IT services are maintained and improved through a cycle of agreeing, monitoring, reporting, and reviewing IT services.<\/p>\n<p>There is also a Service Desk function that describes best practices for establishing and managing a central point of contact for users of IT services.  Two of the Service Desk&#8217;s most important responsibilities are monitoring incidents and communicating with users.  The customer and IT organization negotiate and define a service level agreement (SLA) that includes definition of the information security requirements in measurable terms and specifies how they will be verifiably achieved.<\/p>\n<p>Operational level agreements (OLAs), which provide detailed descriptions of how information security services will be provided, are negotiated and defined within the IT organization.<\/p>\n<p>With its requirement for continuous review, ITIL can help ensure that information security measures maintain their effectiveness as requirements, environments, and threats change.  
ITIL enables information security staff to discuss information security in terms other groups can understand and appreciate.<\/p>\n<p>http:\/\/www.securityfocus.com\/infocus\/1815<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-71","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/71","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=71"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/71\/revisions"}],"predecessor-version":[{"id":2558,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/71\/revisions\/2558"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=71"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=71"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=71"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}