Is ITIL an audit benchmark for vulnerability management
Posted on 2012-03-12
Is ITIL more geared towards audit as opposed to vulnerability assessment?
Say for example if you looked at a set of web servers and found they were insecure due to multiple vulnerabilities, it is really an "as is" type review, as opposed to an "how things came to be this way", which I guess ITIL procedures could provide?
So could ITIL be used to identify "How things came to be that way" for security issues? If so are there any specific ITIL modules that focus specifically on security and security management?