ITIL- IT Service Management


Security Management

Security Policy

It is essential to have a general framework in which to set all the subprocesses associated with Security Management. Its complexity and intricate interrelationships call for a clear global policy defining aspects such as the objectives, responsibilities and resources.

In particular, the Security Policy has to define:

Security Plan

The aim of the Security Plan is to set the levels of security that need to be included as part of the SLAs, OLAs and UCs (Service Level Agreements, Operational Level Agreements and Underpinning Contracts).

This plan has to be drawn up in cooperation with Service Level Management, which is ultimately responsible both for the quality of the service delivered to customers and for the service the IT organisation receives from its internal units and from external suppliers.

The Security Plan has to be defined in such a way as to offer a better and more secure service to customers and never as an obstacle to developing their business activities.

Whenever possible, key metrics and indicators should be defined to allow the agreed levels of security to be evaluated.

An essential aspect to take into account is establishing consistent security protocols covering all the phases of the service and all the levels involved. "A chain is only as strong as its weakest link", so it makes no sense, for example, to enforce strict access controls if an application is vulnerable to SQL injection. This may allow you to give some of your customers an image of strength for a while, but it will be worth little once someone discovers that the back door is open.
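To make the "weakest link" point concrete, the following added example (not part of the original Osiatis page) shows a login check that enforces a strict credential policy at the front door but builds its SQL query by string concatenation, so the whole access control is bypassed with a crafted username, and the same check written with a parameterised query. The user table, the stored `hash-of-alice-pw` value and the `login_*` function names are constructed for this illustration.

```python
import sqlite3


def make_db():
    """Create a constructed in-memory user table (sample data, not real)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    # Placeholder value standing in for a properly salted password hash.
    conn.execute("INSERT INTO users VALUES ('alice', 'hash-of-alice-pw')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password_hash):
    """Access check whose query is assembled from user-controlled strings."""
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password_hash = '" + password_hash + "'"
    )
    # With username "alice' --" the rest of the WHERE clause is commented
    # out, so the password comparison never happens and the check passes.
    return conn.execute(query).fetchone()[0] > 0


def login_parameterised(conn, username, password_hash):
    """Same check with bound parameters: input is data, never SQL syntax."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(query, (username, password_hash)).fetchone()[0] > 0


def compare_logins(username, password_hash):
    """Return (vulnerable_result, hardened_result) for the same credentials."""
    conn = make_db()
    try:
        return (
            login_vulnerable(conn, username, password_hash),
            login_parameterised(conn, username, password_hash),
        )
    finally:
        conn.close()


if __name__ == "__main__":
    # Constructed attacker input: valid-looking username with a SQL comment.
    print(compare_logins("alice' --", "wrong"))   # (True, False)
    print(compare_logins("alice", "hash-of-alice-pw"))  # (True, True)
```

The hardened version changes nothing about the access policy itself; it only stops the policy from being bypassed by the layer below it, which is exactly the kind of consistency across layers the Security Plan has to require.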

 
Version 2.0