ITIL for Information Security: A Comprehensive Analysis and Framework

Added on  2021/12/14
AI Summary
This report delves into the application of ITIL (Information Technology Infrastructure Library) for information security management. It begins by identifying key issues that can arise during ITIL implementation, such as policy-related concerns, business acceptance, assessment and classification challenges, technical difficulties, management commitment, ITIL resistance, and organizational changes. The report then explores the ITIL framework for information security, emphasizing the importance of a comprehensive approach encompassing design, management, implementation, maintenance, and enforcement of security controls. The framework is structured around five key elements: control, plan, implement, evaluate, and maintain. These elements are described in detail, outlining the processes and considerations for each stage. Furthermore, the report discusses the primary content of the selected article, the application process of ITIL in an organization, and the critical success factors for effective ITIL utilization, including management support, training, interdepartmental collaboration, tool selection, customer orientation, design and implementation strategy, IT staff quality, and evaluation and monitoring. Finally, the report provides a conclusion summarizing the discussion.
Running head: ITIL FOR INFORMATION SECURITY
ITIL for Information Security
Name of the Student
Name of the University
Author Note
Table of Contents
Introduction (p. 3)
Key issues for utilizing ITIL for Information Security Management (p. 3)
  Policy related issue (p. 4)
  Acceptance of the Businesses (p. 4)
  Assessment and Classification related Issues (p. 5)
  Technical issues (p. 5)
  Commitment of the Management (p. 5)
  Resistance of the ITIL (p. 6)
Framework of Utilizing ITIL for Information Security Management (p. 6)
  Control (p. 7)
  Plan (p. 7)
  Implement (p. 7)
  Evaluate (p. 8)
  Maintain (p. 8)
Primary Content (p. 9)
  Process of application of ITIL in organisation (p. 10)
  Roadmap of ITIL (p. 11)
Critical Success Factors (p. 12)
  Support of the Management (p. 12)
  Training and awareness about ITIL (p. 13)
  Interdepartmental Collaboration (p. 13)
  Selection of Tools (p. 13)
  Customer Orientation (p. 13)
  Design and Implementation Strategy (p. 13)
  Quality of the allocated IT staff for the ITIL (p. 14)
  Evaluation and Monitoring of the ITIL Management (p. 14)
Conclusion (p. 14)
References (p. 16)
Introduction:
ITIL is considered a set of practices for IT service management. Its main focus is aligning IT services with business needs. In its present form, ITIL is published as a series of five core volumes (Esteves & Alves, 2013), each covering a different lifecycle stage of ITSM. ITIL describes procedures, processes, checklists and tasks that are neither technology-specific nor organization-specific. Despite this, it can be used by various organizations to establish integration with the organization's strategy, maintain a minimum level of competency and deliver value. This system allows the organization to create a baseline from which planning, implementation and measurement can be done.
This article considers the utilization of ITIL and, through that, its utilization in information security management. To carry out this discussion efficiently, the key issues with utilizing ITIL for information security management will be discussed first. Following this, the model or framework for information security management using ITIL will be evaluated. After that, the primary content of the selected article will be evaluated. Further, the critical success factors for ITIL utilization in information security management will be evaluated. Finally, a conclusion will summarize the whole discussion of this article.
Key issues for utilizing ITIL for Information Security Management:
Various issues can arise in the implementation of the Information Technology Infrastructure Library (ITIL) for information security management. Some of these issues are very important to mitigate and are therefore considered the key issues this utilization technique faces. The following section discusses the main key issues and evaluates how they can be solved.
Policy related issue:
The policy related issue is one of the common key issues in information security management. These policies are guidelines or instructions set by the organization to ensure that all users of information technology can use it without any type of security concern (Laudon & Laudon, 2016). The security concern here is the security of the organization's vital information that is stored digitally within the organization. The motto of every organization is to protect and control its confidential data. This means such data may be encrypted or authorised by some third party system which helps to protect the system. Thus, while utilizing ITIL in information security management, a policy related issue can occur for the organization, as a new system is implemented which might be able to access that confidential data (Arasu et al., 2015). To mitigate this key issue the organization may need to revise its security policy or may need to create a completely new information security policy.
Acceptance of the Businesses:
Acceptance of ITIL services by businesses is a key issue. Many organizations or businesses do not accept the implementation of ITIL in their business, and the same is true for the implementation of the Information Technology Infrastructure Library in information security management (Salcito, Wielga & Singer, 2015). It is not accepted by many organizations because it is not transparent to the organizations or businesses. The Information Technology Infrastructure Library is able to change the way the organization works: it can make changes to requests that have been made by the organization and can open support tickets. It is also not accepted because many organizations fail to determine what benefit ITIL provides to the business. Thus ITIL needs to show strong support for the business from the very beginning. Otherwise it will be considered a useless thing in the organisation.
Assessment and Classification related Issues:
Another key issue for the implementation of the Information Technology Infrastructure Library in information security management is the assessment and classification of information assets. Classification of information assets is very important in the sense that it allows every aspect of the information to be identified using a standardized system. Thus a brief assessment and classification of all documentation and information assets is required.
Technical issues:
The technical implementation related issue of ITIL in information security management is a big issue. The organization needs to focus on it for a successful implementation of ITIL (Pillai, Pundir & Ganapathy, 2014). The main reason for this issue is that ITIL is not a technology itself; it depends on some other technology for its execution. Such technological implementations are very challenging in organizations, as they may be very costly to implement or may not be supported by the organization's current framework. This dependency makes the implementation of ITIL in information security management very challenging.
Commitment of the Management:
The commitment of the management is a big success factor for utilizing ITIL in information security management. When the commitment of the management is not fulfilled, this success factor becomes a key issue for utilizing ITIL in information security management (Bucero & Englund, 2015). The main reason this issue occurs is that the executive management initially approves the ITIL program but later fails to follow through on it due to lack of sponsorship support. Thus the organization must pay attention to this issue in the early stages to determine whether or not it is capable of maintaining ITIL properly.
Resistance of the ITIL:
The least considered, but one of the most important, issues is ITIL resistance. In most cases the utilization of ITIL in information security management faces various types of resistance in the implementation stage. This resistance occurs due to the broad organizational change required to successfully utilize ITIL. In most cases the organization refuses to bring about this kind of broad change, as it can hamper the organization's normal processes (Haag et al., 2013). Thus the resistance brought by ITIL becomes a key issue in this segment.
Framework of Utilizing ITIL for Information Security Management:
The framework for utilizing ITIL for information security follows a basic structure. According to ITIL, the most important thing in designing the framework is a comprehensive and calculated approach to designing, managing, implementing, maintaining and enforcing security controls (Peltier, 2016). ITIL suggests using an Information Security Management System (ISMS) for the framework implementation, and this ISMS should address processes, people, products and technology, and partners and suppliers. Most information technology related companies seek global certification of the ISMS framework they have implemented (Alavi, Islam & Mouratidis, 2014). This certification is done through ISO 27001. The framework suggested by ITIL consists of five key elements in total: control, plan, implement, evaluate and maintain. These key elements are described briefly in the following sections.
Control:
The control element of this framework states that a management framework needs to be established. This element of the ISMS framework will manage information security (Brodin, 2015). Along with managing information security, the control element should also prepare the information security policies and implement them in the system. The control element should also allocate responsibilities and establish and control documentation. A sub-activity of control is reporting, in which the whole targeted process is documented in a specific way. In the control phase there is the concept of document control, which describes how security management is organised and how it is managed efficiently.
Plan:
In the planning phase of the ISMS framework the main responsibilities are understanding and gathering the organization's security requirements. Based on the gathered security requirements, recommendations are given at this stage so that appropriate decisions can be taken based on the total allocated budget, corporate culture and other factors (Stoll, Felderer & Breu, 2013). In the planning process the goals of the sub-process are specified in the SLAs in a specific form, known as operational level agreements. These operational level agreements can be used wisely for defining the security plans, but they can only be used for specific types of organization. With the SLAs as input, the plan sub-process is fully functional with the service provider's policy statements. These policy statements are defined in the sub-process called control.
Implement:
The phase after planning is the implement phase of the ISMS framework. In this stage the whole determined plan is put into action. The implement process helps to ensure that proper safeguards have been taken to properly execute the created information security policies (Ifinedo, 2014). In the plan phase, changes of measures take place in cooperation with the change management process.
Evaluate:
This phase is another important phase of the ISMS framework. After the plans and policies have been put into action, it is time to oversee the implemented plans and policies to see whether they are working properly or not. This process will ensure that the systems are totally secure and all the organization's processes are running successfully in compliance with the determined SLAs, policies and other security requirements (D'Arcy, Herath & Shoss, 2014). There are three sorts of evaluation in the evaluation phase: external audits, internal audits and self-assessment. Considering implementations in organizations, it is mainly the self-assessment process that has been implemented. Internal audits are done by internal IT auditors (Neu, Everett & Rahaman, 2013). Independent IT auditors and external IT auditors take responsibility for external audits. It has been assessed that the most important aspects of the evaluation phase are verifying security legislation, monitoring the security of IT systems and the implementation of security plans.
Maintain:
The last phase of the ISMS framework is the maintain phase. If the implemented ISMS framework is effective enough, the entire process will continuously improve over time. In this phase, chances for improvement in the system will occur (Whitman & Mattord, 2013). These opportunities for improvement can be taken by revising the security agreements and SLAs and by improving the monitoring and control processes. This phase starts with the maintenance of service level agreements and operational level agreements. After this, the change request activity takes place, followed by the report conclusion activity. During the maintenance phase the concept of the meta data model is either adjusted or created.
Primary Content:
Information Security Management (ISM) is one of the profound techniques for the management of information in the domain of Information Technology and Information Systems (Dotcenko, Vladyko & Letenko, 2014). Management of information by applying the best methods and activities is one of the key aspects that determines the wellbeing of an organisation in the corporate sector. Secure management of information takes place with the help of a system known as the Information Security Management System (ISMS) (Soomro, Shah & Ahmed, 2016). The ISMS is a comprehensive set of specific measures and requirements necessary for assuring the safeguarding and security of valuable information, how to do it, and the various assets of the company or organisation in both the public and the private sector.
According to the Information Technology Infrastructure Library, there are six sets of service management. These six sets can be aligned as service support, service delivery, plan to implement ISM, ICT infrastructure management, applications management and the business perspective. Among all six sets of service management, only the first two, service support and service delivery, are present; the other sets do not exist at the moment. Application of ITIL in Information Security Management consists of ten disciplines that are responsible for the management and provision of beneficial Information Technology services (Iden & Eikebrokk, 2014). The method of utilizing ITIL in ISM does not signify an entirely brand new approach to thinking and acting; it prefers to focus on the best practice that can be used in diverse ways according to the requirements, such as placing the existing methods and activities in a structural form, as well as establishing a strong connection between the processes so as to avoid a lack of communication and interaction between the several IT organisations (Cox, 2013).
Process of application of ITIL in organisation:
According to the Information Technology Infrastructure Library, the ISMS is beneficial for the development of a cost effective information security program that meets the business organisation's objectives. This entire set combines people, processes, products and technologies, and partners and suppliers to ensure high levels of security. As stated in the previous section, ITIL uses a basic framework for the security management of valuable information within organisations. The basic ITIL framework consists of five phases: controlling, planning, implementing, evaluating and maintaining the various areas of the organisation.

In the controlling phase, the goal is to establish a management framework to initiate the information security process and the structure of the organisation for the preparation, acceptance and implementation, and the creation and control of the necessary documentation (Peltier, 2016). The next phase of the framework is the planning phase. Planning focuses mainly on the design and recommendation of appropriate security according to the organisation's requirements. These needs of the organisation are procured from various sources, such as the company's sales in a particular period of time, the associated service risks that the organisation has faced in the recent past or is about to face in the coming days, and the different plans and strategies of the concerned organisation. These needs of the company prove critical to the long term success of the organisation. In addition, the company's requirements are also procured from several other sources, such as the Service Level Agreements (SLA) and Operational Level Agreements (OLA), and the legal, moral and ethical responsibility for the secure management of the concerned organisation's information.

The next phase of the ITIL framework for information security management is the implementation phase. In this phase, appropriate processes, tools and control mechanisms are the main objectives for implementing the ISMS so that it efficiently supports the security policy. The next phase of the ISM framework is the evaluation phase. In this phase, the strategies applied in the implementation of security management for safeguarding the organisation's information are analysed. It mainly involves the surveillance and control of compliance with respect to the security policies and security requirements, and the accounting of the technical security of the information systems. There are several cases in the corporate world where the evaluation phase is capable of providing valuable information to the external regulators and external auditors who look after the regular audits of the concerned organisation (Disterer, 2013). The ultimate phase of the security management framework applied by ITIL for securing the organisation's information vaults is the maintenance phase. This section of the security framework aims at improving the security agreement and improving the application of the various forms of security and controls.