Controlling the Process
As with all other IT processes, Security Management must be rigorously controlled to ensure that it fulfills its objectives.
Good Security Management should translate into:
- Reducing the number of security-related incidents.
- Efficient access to information by authorised personnel.
- Proactive management that allows potential vulnerabilities to be identified before they manifest themselves or cause a serious degradation in the quality of service.
Preparing effective reports makes it possible to assess the performance of Security Management and provides vitally important information to other areas of IT infrastructure.
In particular, the documentation generated should include:
- Information on compliance with the security-related aspects of the SLAs, OLAs and UCs in force.
- A list of security-related incidents classified in terms of their impact on the quality of service.
- An evaluation of the training courses given and the results obtained.
- Identification of new threats and vulnerabilities faced by the IT infrastructure.
- Security audits.
- Reports on the level of implementation and fulfillment of the security plans in place.