Security Management:

From HORSE - Holistic Operational Readiness Security Evaluation.
Revision as of 16:56, 20 March 2007 by Mdpeters (talk | contribs)
Jump to navigation Jump to search

Security Management

The ITIL-process Security Management describes the structured fitting of information security in the management organization. ITIL Security Management is based on the code of practice for information security management also known as ISO/IEC 17799.

A basic concept of the Security Management is the information security. The primary goal of information security is to guarantee safety of the information. Safety is to be protected against risks. Security is the means to be safe against risks. When protecting information it is the value of the information that has to be protected. These values are stipulated by the confidentiality, integrity and availability. Inferred aspects are privacy, anonymity and verifiability.

The current move towards ISO/IEC 27001 may require some revision to the ITIL Security Management best practices which are often claimed to be rich in content for physical security but weak in areas such as software and or application security and logical security in the ICT infrastructure.

References

See: Security_Policy: ISO 27001 Security Policy