Category:Information Security Management

From IT frameworks


The ITIL Map (image: ITILv3 TheMap.png, a clickable map of the ITIL v3 processes)

Information Security Management is a key process in the Service Design life cycle phase.


Goals & Objectives

CIA

  • Confidentiality - information is available only to those authorised to see it
  • Integrity - information is complete and accurate, and protected against unauthorised modification
  • Availability - information is available when it is needed

Terminology

  • Preventive measures - a security policy in place and Access Management implemented, so that incidents are prevented (Prevent)
  • Reductive measures - backups and regular testing of contingency plans, so that the damage from an incident is limited in advance (Limit)
  • Detective measures - incidents are detected as early as possible, through Event Management (Detect)
  • Repressive measures - an incident in progress is stopped from continuing or repeating, for example by blocking an account or a source (Suppress)
  • Corrective measures - damage is repaired, for example through rollback plans and redundancy (Repair)
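To make the distinction between these measure types concrete, the following added example (not from the original page, and not ITIL's own material) walks one constructed scenario through them: a lockout policy (preventive), a sliding-window count of failed logins per account driven by event records (detective), blocking the account once the threshold is reached (repressive), and the recovery action recorded for the operator (corrective). The log lines, the policy values and the function names are all constructed for the example; reductive measures (backups) are not modelled because nothing in a single log stream exercises them.

```python
"""Added example: ITIL security measure types applied to one constructed event stream."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Preventive measure: the policy exists before any incident (constructed values).
POLICY = {"max_failures": 3, "window": timedelta(minutes=5)}

# Constructed, syslog-like sample events; not real data.
# alice: three failures inside five minutes -> threshold reached.
# carol: three failures spread ten minutes apart -> never inside one window.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[101]: Failed password for alice from 10.0.0.5
2024-03-01T10:00:10 sshd[102]: Failed password for alice from 10.0.0.5
2024-03-01T10:00:40 sshd[103]: Accepted password for bob from 10.0.0.9
2024-03-01T10:01:05 sshd[104]: Failed password for alice from 10.0.0.5
2024-03-01T10:01:07 sshd[105]: Failed password for alice from 10.0.0.5
2024-03-01T10:30:00 sshd[106]: Failed password for carol from 10.0.0.7
2024-03-01T10:40:00 sshd[107]: Failed password for carol from 10.0.0.7
2024-03-01T10:50:00 sshd[108]: Failed password for carol from 10.0.0.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+)$"
)


def parse(line):
    """Turn one constructed log line into an event dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "outcome": m["outcome"],
        "user": m["user"],
        "src": m["src"],
    }


def evaluate(log_text, policy=POLICY):
    """Detective measure: count failures per user inside a sliding time window.

    Returns {"actions": [(measure, user, detail), ...], "blocked": [users]}.
    Each triggered threshold yields a detective, a repressive and a corrective
    action, in that order.
    """
    failures = defaultdict(deque)  # user -> timestamps of recent failures
    blocked = set()
    actions = []
    for raw in log_text.splitlines():
        ev = parse(raw)
        if ev is None or ev["outcome"] != "Failed" or ev["user"] in blocked:
            continue  # ignore unparsable, successful, or already-blocked events
        window = failures[ev["user"]]
        window.append(ev["ts"])
        # Drop failures that fell out of the policy window.
        while window and ev["ts"] - window[0] > policy["window"]:
            window.popleft()
        if len(window) >= policy["max_failures"]:
            actions.append(("detective", ev["user"],
                            f"{len(window)} failures within {policy['window']}"))
            # Repressive measure: stop the incident from continuing.
            blocked.add(ev["user"])
            actions.append(("repressive", ev["user"],
                            f"block account; last source {ev['src']}"))
            # Corrective measure: the repair step handed to the operator.
            actions.append(("corrective", ev["user"],
                            "reset credentials and unblock after review"))
    return {"actions": actions, "blocked": sorted(blocked)}


if __name__ == "__main__":
    result = evaluate(SAMPLE_LOG)
    for measure, user, detail in result["actions"]:
        print(f"{measure:10} {user:6} {detail}")
    print("blocked:", result["blocked"])
```

Note the caveat the second account illustrates: a detective control with a fixed window only sees what falls inside that window, so slow, spaced-out attempts pass through and need a different detective measure (a longer baseline or correlation across sources) rather than a tighter threshold.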

Roles

Example of flow for the proactive part of the information security work.

Example of flow for handling a security breach.

Scope

Information Security Management must have access to all systems and information in the IT organisation and the business.

All present and future policies and plans, especially security policies, must be managed.

Activities

Maintaining the Information Security Management System

  • Information security management is implemented through effective and efficient design of the 4 Ps (People, Processes, Products and Partners).
  • Continual Service Improvement (CSI) is applied continually, as with every process.

Interfaces

The Change Management process must at least keep the Information Security Manager informed (the I in RACI). All changes to business security requirements should trigger Information Security Management.

Inputs/Outputs

Inputs

Outputs

  • New or updated security policies
  • Security controls
  • Security advice
  • Accurate information available to authorised parties when they need it
  • Security policy

Value to the Business

Ensuring an agreed security policy is in place and being upheld.

Implementation

Strict Change Management must be in place for Information Security Management to be implemented correctly. Information Security Management must be included as a key process in every service life cycle phase, for all services offered.

Value to the business must be clearly shown. Proper business risk management (for example OGC's Management of Risk, MoR) should define which security policies need to be in place.

Challenges to implementation

Tips for exam

  • CIA - Confidentiality, Integrity, and Availability.
  • Information Security Management defines the security policies

References and resources

Service Design, OGC
