The Practice Of Information Security Management

1160 Words5 Pages
The famous cryptographer Bruce Schneier once said that “[p]eople often represent the weakest link in the security chain and are chronically responsible for the failure of security systems” (Schneier, 2000). The practice of Information Security Management is employed by businesses through a variety of standards, best practices, and frameworks to combat this issue. Their adoption of best practices in the public domain allows businesses to strive for improvements through their own interpretation. These best practices are sourced from standards such as ISO/IEC 27000, proprietary knowledge and public frameworks such as COBIT, Six Sigma, or ITIL. The frameworks “exist to help organizations assess their security risks, implement appropriate security controls, and comply with governance requirements as well as privacy and information security regulations” (Saint-Germain, 2005, p. 60). ITIL is defined as the Information Technology Infrastructure Library that serves as a governance framework of Information Technology Service Management (ITSM). ITSM enables the business through the support of IT services. MGMT 7 dedicates an entire chapter to the management of information. The strategic importance of information is stressed and organizations must take the proper measures to protect that data. A successful implementation of ITIL’s ISM process with the support of ISO standards will allow for effective risk management of security issues that an organization may encounter.
To fully understand how ITIL supports ISM practices, a deeper look at ITIL how came into fruition and how ITIL works is due. The framework has gained popularity due its vendor-neutral policies that are not tied to any commercial company (ITpreneurs, 2014, p. 15). Other reas...

... middle of paper ...

3. Check. Monitor and review the ISMS
a. Assess operational risk
4. Act. Maintain and improve the ISMS
a. Measure and monitor (Tipton & Krause, 2008, p. 20)

Considering the ITIL – ISO article ISO Standards supplement to

Structure of the ISMS compared to itil

, ITIL details the steps to be taken through individual processes
By following the successful processe sSo what defines a service? and customers

All in all, organizations will continue to face issues arising from a lack of security or an improperly managed security system. Something about risks. By successfully employing Information Security Management through the adoption of standards, best practices, and frameworks, ISM will allow organizations to better prepare for security issues that may arise. Successfully implementing ITIL’s ISM process with the support of ISO standards can achieve
Open Document