ITIL and security

pma111
pma111 used Ask the Experts™
on
Do any of your companies adhere to ITIL's principles of security management? I know its just a framework and technology neutral, but does it help with security in your organisation or is it just a framework that anyone adhereing to security good practice would adhere to anyway? I.e. if you arent following ITIL's security management framework, but you know what you are doing, is it theoretical that by not adhering to ITIL SM that you will be causing security loopholes in your organisation..... ?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
IT Consultant
Commented:
> but does it help with security in your organisation or is it just a framework that anyone adhereing to security good practice would adhere to anyway?

Yes. it does help, but it does NOT mean all recommended practices should be fully followed. your particular business defines what you actually need. sometimes your existing good practices may cover more, and specifically.

> if you arent following ITIL's security management framework, but you know what you are doing, is it theoretical that by not adhering to ITIL SM that you will be causing security loopholes in your organisation..... ?

framework is just framework, whatever it is ITIL's best practices or ISO's standards.

if you know what you are doing and know the results and impacts, that means you already have your best practice and commonly it works well just for your specific business.

regarding if it will be causing security loopholes, it really depends on if your own best practices have covered the key security factors for your business.

it is always recommended to map the practices defined in ITIL framework with your actual practices to see any difference or anything missing, evaluate the risks and make changes if necessary.

hope it helps,
bbao

Author

Commented:
Thanks bbao, so from that do you align your security management with ITIL's framework?
bbaoIT Consultant

Commented:
basically, YES.

however, for specific business or customer, as mentioned above, it depends.

Author

Commented:
>>it is always recommended to map the practices defined in ITIL framework with your actual practices

Would you be willing to share these, do they include tools used to manage certain practices?

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial