Information Security Management - an ITIL version
Information Security Management in this digital age plays a key role in Service Management. It must align itself with IT Security and Business Security in order to ensure that information security across the organisation is controlled and managed.
The Information Security Management process includes:
  • A policy
  • An Information Security Management System (ISMS)
  • Structure and controls
  • Risk Management
  • Communication strategy
There are industry standards that can be utilised in order to improve Information Security, such as ISO 27001, which is an international standard made up of five elements:
  • Control
  • Plan
  • Implement
  • Evaluate
  • Maintain
There are various activities that Information Security Management should include:
  • Operation, maintenance and distribution of the Information Security Management policy. This ensures that all staff (internal and external) are aware of and adhere to the policy.

  • Communication, implementation and enforcement of policies

  • Assessment of Management Information

  • Documenting and subsequent implementation of controls that support the process

  • Monitoring and managing any breaches or incidents associated with Information Security Management

  • Proactive improvement of the process
This process is an ongoing activity, and the Information Security Manager must recognise that it is not confined to just one part of the lifecycle and cannot be guaranteed by technology on its own.
There are four key elements that can assist:
  • Threat
    Prevention and reduction by evaluating and reporting

  • Incident
    Detection and repression by evaluating and reporting

  • Damage
    Correction and recovery by evaluating and reporting

  • Control
    Bringing the situation under control and learning from experience
