Essay / The Practice of Information Security Management
Famous cryptographer Bruce Schneier once said that "[p]eople often represent the weakest link in the security chain and are chronically responsible for the failure of security systems" (Schneier, 2000). Businesses practice information security management through a variety of standards, best practices and frameworks to combat this problem. Adopting best practices from the public domain allows companies to strive for improvement through their own interpretation. These best practices come from standards such as ISO/IEC 27000, proprietary knowledge and public frameworks such as COBIT, Six Sigma or ITIL. The frameworks "exist to help organizations assess their security risks, implement appropriate security controls, and comply with governance requirements and privacy and information security regulations" (Saint-Germain, 2005, p. 60).

ITIL, the Information Technology Infrastructure Library, serves as the governance framework for information technology service management (ITSM). ITSM allows the company to take charge of IT services. MGMT 7 devotes an entire chapter to information management. It emphasizes the strategic importance of information, and organizations must take appropriate measures to protect this data. Successful implementation of ITIL's ISM process with the support of ISO standards will enable effective risk management of security issues that an organization may encounter.

To fully understand how ITIL supports ISM practices, a closer look at how ITIL came to fruition and how ITIL works is due. The framework has gained popularity due to its vendor-neutral policies that are not tied to any commercial enterprise (ITpreneurs, 2014, p. 15). Other reasons...

... middle of paper ...

... implementations

3. Check. Monitor and review the ISMS
   a. Assess operational risk
4. Act. Maintain and improve ISMS
   a. Measure and Monitor

(Tipton & Krause, 2008, p. 20)

Considering the article ITIL – ISO Supplement to ISO Standards at Structure of ISMS in relation to ITIL, ITIL details the steps to follow through individual processes. By following the successful process, then what defines a service? and customers

Overall, organizations will continue to face problems related to a lack of security or a poorly managed security system. Something about risks. By successfully employing information security management through the adoption of standards, best practices and frameworks, ISM will enable organizations to better prepare for security issues that may arise. Successful implementation of ITIL's ISM process with the support of ISO standards can achieve