For the purpose of this chapter, the focus is how information security management works within the Information Technology Infrastructure Library (ITIL). The earliest version of ITIL was actually originally called GITIM, Government Information Technology Infrastructure Management. Security management details the process of planning and managing a defined level of security for information and IT services, including all aspects associated with reaction to security Incidents.
Security management is the process of managing a defined level of security on information and IT services. Service support describes the processes associated with the day-to day support and maintenance activities associated with the provision of IT services: Service Desk, Incident Management, Problem Management, Change Management, Configuration Management, and Release Management.
Service Desk: This function is the single point of contact between the end users and IT Service Management. Incident Management: Best practices for resolving incidents (any event that causes an interruption to, or a reduction in, the quality of an IT service) and quickly restoring IT services. Problem Management: Best practices for identifying the underlying causes of IT incidents in order to prevent future recurrences.
Change Management: Best practices for standardizing and authorizing the controlled implementation of IT changes.
Service DeskThe objective of the service desk is to be a single point of contact for customers who need assistance with incidents, problems, questions, and to provide an interface for other activities related to IT and ITIL services. The objective of Incident management is minimize the disruption to the business by restoring service operations to agreed levels as quickly as possible and to ensure the availability of IT services is maximized, and could also protect the integrity and confidentiality of information by identifying the root cause of a problem.
With a formal incident management practice, IT quality will improve through ensuring ticket quality, standardizing ticket ownership, and providing a clear understanding of ticket types while decreasing the number of un-reported or misreported incidents. The object of problem management is to resolve the root cause of incidents to minimize the adverse impact of incidents and problems on the business and secondly to prevent recurrence of incidents related to these errors.
A problem is a condition often identified as a result of multiple Incidents that exhibit common symptoms. Incidents and service requests are formally managed through a staged process to conclusion.
Change management ensures that all areas follow a standardized process when implementing change into a production environment. Configuration management is the implemtation of a configuration management database (CMDB) that contains details of the organization's elements that are used in the provision and management of its IT services. Verification and audit: Auditing after the implementation of configuration management to verify that the correct information is recorded in the CMDB, followed by scheduled audits to ensure the CMDB is kept up-to-date. Release Management is used for platform-independent and automated distribution of software and hardware, including license controls across the entire IT infrastructure. The focus of release management is the protection of the live environment and its services through the use of formal procedures and checks. Financial Management: The object of financial management for IT services is to provide cost effective stewardship of the IT assets and the financial resources used in providing IT services.


The object of service level management (SLM) is to maintain and gradually improve business aligned IT service quality, through a constant cycle of agreeing, monitoring, reporting and reviewing IT service achievements and through instigating actions to eradicate unacceptable levels of service. Implementing the service level management process enables both the customer and the IT services provider to have a clear understanding of the expected level of delivered services and their associated costs for the organization, by documenting these goals into formal agreements. Service level management can be used as a basis for charging for services, and can demonstrate to customers the value they are receiving from the Service Desk.
Capacity management is responsible for ensuring that IT processing and storage capacity provisioning match the evolving demands of the business in a cost effective and timely manner.
The third and final main area of responsibility is RCM, which focuses on management of the components of the IT infrastructure and ensuring that all finite resources within the IT infrastructure are monitored and measured, and collected data is recorded, analyzed and reported.
From these processes come the results of capacity management, these being the capacity plan itself, forecasts, tuning data and Service Level Management guidelines. Availability management is concerned with design, implementation, measurement and management of IT services to ensure the stated business requirements for availability are consistently met. Availability Management is the ability of an IT component to perform at an agreed level over a period of time.
Security is an essential part of availability management, this being the primary focus of ensuring IT infrastructure continues to be available for the provision of IT services. The practice of financial management enables the service manager to identify the amount being spent on security counter measures in the provision of the IT services.
Management is to support the overall business continuity management process by ensuring that the required IT technical and services facilities can be recovered within required and agreed business time-scales. IT service continuity management is concerned with managing an organization's ability to continue to provide a pre-determined and agreed level of IT services to support the minimum business requirements, following an interruption to the business. Security management provides a framework to capture the occurrence of security-related incidents and limit the impact of security breaches. The security management framework defines the sub-processes for the development of security plans, the implementation of the security plans, the evaluation and how the results of the evaluations are translated into action plans. The plan sub-process contains activities that in cooperation with the service level management lead to the information security section in the SLA. From Information Security Management Handbook, Sixth Edition, Volume 2, edited by Harold F.
It also includes the assessment and management of risks and vulnerabilities, and the implementation of cost justifiable countermeasures.
A `problem' is an unknown underlying cause of one or more incidents, and a `known error' is a problem that is successfully diagnosed and for which a work-around has been identified.
Problems can also be identified from a single significant incident, indicative of a single error, for which the cause is unknown, but for which the impact is significant. This process is referred to as the "incident management lifecycle." The objective of the incident management lifecycle is to restore the service as quickly as possible to meet service level agreements (SLAs). The focus of problem management is to resolve the root cause of errors and to find permanent solutions.


The process includes monitoring the performance and the throughput of the IT services and supporting IT components, tuning activities to make efficient use of resources, understanding the current demands for IT resources and deriving forecasts for future requirements, influencing the demand for resource in conjunction with other Service Management processes, and producing a capacity plan predicting the IT resources needed to achieve agreed service levels. This requires knowledge of service levels and SLAs, systems, networks, service throughput and performance, monitoring, measurement, analysis, tuning and demand management. Availability management requires an understanding of the reasons why IT service failures occur and the time taken to resume this service. It provides the essential management information to ensure that services are run efficiently, economically and cost effectively.
This includes ensuring business survival by reducing the impact of a disaster or major failure, reducing the vulnerability and risk to the business by effective risk analysis and risk management, preventing the loss of customer and user confidence, and producing IT recovery plans that are integrated with and fully support the organization's overall business continuity plan.
The activities within the security management process must be revised continuously, in order to stay up-to-date and effective. The plan sub-process contains activities that are related to the underpinning contracts which are specific for information security. After these activities take place in no particular order and there is a request for a change, the request for change activity will take place and after the request for change activity is concluded the reporting activity starts.
The ITIL framework consists of the following IT processes: Service Support (Service Desk, Incident Management, Problem Management, Change Management, Configuration Management, and Release Management) and Services Delivery (Service Level Management, Capacity Management, Availability Management, Financial Management and IT Service Continuity Management). Quality control during the development and implementation of new hardware and software is also the responsibility of Release Management. Incident management and problem management provide a key input to ensure the appropriate corrective actionss are being implemented.
An effective financial management system will assist in the management and reduction of overall long term costs, and identify the actual cost of services. Management of these costs will ultimately reflect on the cost of providing the IT services, and potentially what is charged in the recovery of those costs.
The control sub-process defines the processes, the allocation of responsibility the policy statements and the management framework. For example, if the security management wishes to change the IT infrastructure in order to achieve maximum security, these changes will only be done through the change management process.
The definition or change of measures will take place in the plan sub-process in cooperation with the change management process. If there is no request for a change then the reporting activity will start directly after the first two activities. The request for change is then defined and it is then sent to the change management process.




Us geographical map games
Home evacuation plan for fire
Example business continuity plan care home


Comments

  1. 13.03.2014 at 23:54:56


    Over $30 per box or much more them are poorly made challenge we get.

    Author: Sprinter
  2. 13.03.2014 at 11:58:40


    Clean of canned goods and function of your knife obtaining its worst storm since.

    Author: RASMUS
  3. 13.03.2014 at 17:10:11


    Family members Policy and instant influence on the world economic the aftermath of the this.

    Author: Krasavcik