Security Management

ITIL® defines Security Management as:

…the process of managing a defined level of security on information and IT services…[and] managing the reaction to security incidents.

Security Management is often shown as a separate process, distinct from the Disciplines that make up Service Delivery and Service Support. In this sense ITIL treats Security Management as external to, but supportive of, the Service Management core. Plexent believes that Security Management is better visualized as surrounding and protecting the core, providing a backdrop against which the other Disciplines operate and a context in which they should be evaluated. This concept is illustrated below.

diagram

At the highest level, Security Management impacts all Disciplines and should be reflected in the levels of confidentiality, integrity, and availability required within the Service Level Agreements (SLAs) and Operational Level Agreements (OLAs) under Service Level Management. At a lower level, there is a close kinship between Security and Continuity Management in that each relies heavily on the tools and techniques of risk management. This reliance can be seen by reviewing the activities necessary to implement Security Management as shown in the diagram below.