Category: (2) eTOM Process Type
Process Identifier: 1.7.2.9
Original Process Identifier: 1.3.2.8
Maturity Level: 4
Information Security Management is defined within ITIL. Its role here is as a model or template for how other process areas should operate to align with the ITIL approach, where this is relevant for the enterprise concerned. Note that not all organizations will choose to follow the ITIL approach, and thus other models for Information Security Management (or equivalent) may apply in such cases.
Information Security Management is defined within ITIL, and further information is available at: http://www.itsmf.co.uk/Shop/Products/9780113310616TheOfficialIntroductiontotheITILServiceLifecycle.aspx Its role here is as a model or template for how other process areas should operate to align with the ITIL approach, where this is relevant for the enterprise concerned. Note that not all organizations will choose to follow the ITIL approach, and thus other models for Information Security Management (or equivalent) may apply in such cases. Information Security Management addresses the safety and integrity of information within the enterprise, and aims to satisfy a Service Level Agreement that has been established with the owners/users of the information concerning these aspects. Issues involved include the availability of the information, and maintaining its integrity and confidentiality as required and agreed. More generally, Information Security Management relates to IT Service Continuity Management, since information security will form part of the overall approach for IT service continuity. The Information Security Manager is responsible for developing and managing the Security Policies and also ensuring that they are enforced. They will work closely with the IT Service Continuity Manager carrying out BIA and ensuring that the security aspects are considered appropriately. •Terminology• The use of “Information” in ITIL is consistent with its use within the TM Forum Information Framework (SID). •Linkage with eTOM process areas• ITIL Information Security Management relates to several eTOM process areas. The eTOM processes affected include: Process Identifier: 1.3.2 Process Element: Enterprise Risk Management Process Impact: Where ITIL Information Security Management is employed as a guiding mechanism, then the Enterprise Risk Management processes operate in line with this, so that business continuity management, security management, etc., are then aligned with the ITIL approach. Process Identifier: 1.3.2.1 Process Element: Business Continuity Management Process Impact: Where ITIL Information Security Management is employed as a guiding mechanism, then the Business Continuity Management processes operate in line with this, so that strategies, policies, plans, etc., are then aligned with the ITIL approach. Process Identifier: 1.3.2.2 Process Element: Security Management Process Impact: Where ITIL Information Security Management is employed as a guiding mechanism, then the Security Management processes operate in line with this, so that corporate policies, guidelines, best practices, etc., are then aligned with the ITIL approach.
Reserved for future use.
Reserved for future use.
Reserved for future use.
Reserved for future use.
Reserved for future use.
Reserved for future use.
Reserved for future use.
This was created from the Frameworx 16.0 Model