
To ITIL® V3 and Beyond: Travels with Rob Stroud

Travel around the world with this IT best practices evangelist as he speaks on IT Service Management, IT Governance and ITIL trends

ITIL and Security

 

The commingling of ITIL® and security has drawn increased attention at the conferences I've attended recently. No doubt security is a hot topic, fueled by highly publicized security exposures. 

 

Though ITIL v3 formally introduces the security concept of Access Management to ITIL for the first time, ITIL processes have dealt with security issues for several years. Five years ago, IT service desks everywhere faced a huge issue in the ever-mounting number of password resets needed, a problem caused by the large number of passwords, draconian password change rules and a lack of self-help capabilities. Password resets represented up to 60% of all service desk incidents in many organizations. Today we have a self-help capability for resetting passwords and automated processes to request and automate access. These automated processes are similar to the ITIL v3 processes from the Service Operations volume for Access Management and Self Help and are great examples of the business-driven automation now promoted by ITIL v3.

 

Within the security arena there are evolving standards in the ISO 27000 series, a series of standards specifically reserved by the International Organization for Standardization (ISO) for information security matters. ISO 27001 is an accepted standard currently in use and is intended to be used in conjunction with the coming ISO 27002, which will replace ISO 17799. ISO 17799 is a generic set of best practices for the security of information systems, considered by some to be the foremost security specification document in the world.

 

The IT Governance Institute, of which I am a board member, worked with the Office of Government Commerce (OGC) on a paper exploring the relationship between the best practice frameworks COBIT and ITIL with security management as described in ISO 17799. The joint publication on "Aligning COBIT, ITIL and ISO 17799 for Business Benefit" is available for download and is one of ITGI's most requested publications.

 

I am pleased to advise that a refresh of this document is currently underway and is scheduled for release in the first half of 2008. The new version will provide additional guidance on leveraging COBIT and ITIL to address security issues.

 

 

 

ITIL® is a Registered Trade Mark, and a Registered Community Trade Mark of the Office of Government Commerce, and is Registered in the U.S. Patent and Trademark Office.

 


About Robert Stroud

Robert Stroud is Vice President and IT Service Management and IT Governance Evangelist at CA. In this role, he helps ensure that the company’s solutions adhere to best practices and mentors organizations on driving maximum business value from their ITIL initiatives. A 25-year IT veteran, Robert was recently elected International Vice President of ISACA (previously known as the Information Systems and Control Association) and Vice President of ISACA’s research affiliate, the IT Governance Institute (ITGI). He is a recognized industry speaker and leader, serving on the USA itSMF Advisory Board, its Governance Committee and the COBIT Steering Committee. He worked on the ITIL Version 3 project as part of the ITIL Advisory Group and as a Mentor and Reviewer for some of the newly published ITIL V3 volumes. He has authored several titles on ITIL and COBIT and served as a reviewer of the COBIT 4.0 to ITIL Version 2 mapping document.