Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

ITIL for Information Security: A Comprehensive Analysis and Framework

Verified

Added on 2021/12/14

AI Summary

This report delves into the application of ITIL (Information Technology Infrastructure Library) for information security management. It begins by identifying key issues that can arise during ITIL implementation, such as policy-related concerns, business acceptance, assessment and classification challenges, technical difficulties, management commitment, ITIL resistance, and organizational changes. The report then explores the ITIL framework for information security, emphasizing the importance of a comprehensive approach encompassing design, management, implementation, maintenance, and enforcement of security controls. The framework is structured around five key elements: control, plan, implement, evaluate, and maintain. These elements are described in detail, outlining the processes and considerations for each stage. Furthermore, the report discusses the primary content of the selected article, the application process of ITIL in an organization, and the critical success factors for effective ITIL utilization, including management support, training, interdepartmental collaboration, tool selection, customer orientation, design and implementation strategy, IT staff quality, and evaluation and monitoring. Finally, the report provides a conclusion summarizing the discussion.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: ITIL FOR INFORMATION SECURITY
ITIL for Information Security
Name of the Student
Name of the University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1ITIL FOR INFORMATION SECURITY
Table of Contents
Introduction:..........................................................................................................................................................................................................3
Key issues for utilizing ITIL for Information Security Management:..................................................................................................................3
Policy related issue:.........................................................................................................................................................................................4
Acceptance of the Businesses:........................................................................................................................................................................4
Assessment and Classification related Issues:................................................................................................................................................5
Technical issues:.............................................................................................................................................................................................5
Commitment of the Management:...................................................................................................................................................................5
Resistance of the ITIL:....................................................................................................................................................................................6
Framework of Utilizing ITIL for Information Security Management:.................................................................................................................6
Control:............................................................................................................................................................................................................7
Plan:.................................................................................................................................................................................................................7
Implement:......................................................................................................................................................................................................7
Evaluate:..........................................................................................................................................................................................................8
Maintain:.........................................................................................................................................................................................................8
Primary Content:...................................................................................................................................................................................................9
Process of application of ITIL in organisation:.............................................................................................................................................10
Roadmap of ITIL:..........................................................................................................................................................................................11
Critical Success Factors:.....................................................................................................................................................................................12
Support of the Management:.........................................................................................................................................................................12
Training and awareness about ITIL:.............................................................................................................................................................13
Interdepartmental Collaboration:..................................................................................................................................................................13
Selection of Tools:........................................................................................................................................................................................13
Customer Orientation:...................................................................................................................................................................................13
Design and Implementation Strategy:...........................................................................................................................................................13
Quality of the allocated IT staffs for the ITIL:..............................................................................................................................................14
Evaluation and Monitoring of the ITIL Management:..................................................................................................................................14
Conclusion:..........................................................................................................................................................................................................14
References:..........................................................................................................................................................................................................16

2ITIL FOR INFORMATION SECURITY

3ITIL FOR INFORMATION SECURITY
Introduction:
The ITIL is considered as the set practices related with the IT services management.
The main focus of the ITIL is aligning the services of IT with business needs. In the present
form the ITIL is published in the market consisting a series which is having five numbers of
core volumes (Esteves & Alves, 2013). Each of this core volumes different lifecycle stage of
the ITSM. This ITIL describes the procedures, process, checklists and the tasks which not
specific with the technology nor specific with the organizations. Though it is not specific
with them but still it can be used by various organizations for integration establishment with
the strategy of the organization, minimum level of competency maintaining and with
delivering value. This system allows the organization to create a baseline from which
planning, implementation and the measurement can be done.
In this article utilization of the ITIL will be considered and by that its utilization in the
information security management will be discussed in this case. To perform this discussion
efficiently, key issues with utilizing the ITIL for the information security management will be
discussed in this case. Following this discussion of the model or the framework of the
information security management using the ITIL will be evaluated in this article. After that,
primary content of the selected article will be evaluated properly. Further, the critical success
factors of the ITIL utilization in the information security management will be evaluated.
Finally, a conclusion will be given to summarize the whole discussion of this article.
Key issues for utilizing ITIL for Information Security Management:
In the implementation of the Information Technology Infrastructure Library or the
ITIL for the Information Security Management there are various issues which can arise.
Some of this issues are very much important to mitigate and thus this issues are considered as

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4ITIL FOR INFORMATION SECURITY
the key issues which this utilization technique is facing. In the below section the main key
issues will be discussed and how this issues can be solved will be evaluated.
Policy related issue:
This policy related issue is one of the common key issue related with the information
security management. These policies are some kind of guidelines or instructions which are set
by the organizations to ensure that all the users of the information technology can use this
technology without any type of security concern (Laudon & Laudon, 2016). This security
concern is the security of the vital information of the organization which is stored within the
organization digitally. The motto of every organization is to protect and control the
confidential data of its. This means these type of data may be encrypted or authorised by
some third party system which helps to protect the system. Thus, while utilizing the ITIL in
the information security management the policy related issue of the organization can occur as
new system is implemented which might can access those confidential data (Arasu et al.,
2015). To mitigate this key issue the organization may need to revise the security policy or
may be need to create completely new policy of the information security.
Acceptance of the Businesses:
Acceptance of the ITIL services in the businesses is a key issue. Many organizations
or the businesses does not accept the implementation of the ITIL in their businesses which is
also same for the implementation of the Information Technology Infrastructure Library in the
information security management (Salcito, Wielga & Singer, 2015). This is not accepted by
many organizations because of the reason that it is not transparent to the organizations or the
businesses. The Information Technology Infrastructure Library is able to change the working
way of the organization that it can make changes in the requests which as been made by the
organization and can open the support tickets. Also, it is not accepted because many of the
organization failed to determine what benefit is provided by the ITIL in the business. Thus

5ITIL FOR INFORMATION SECURITY
the ITIL needs to show a strong support in the businesses from the very beginning. Otherwise
this will be considered as a useless thing in the organisation.
Assessment and Classification related Issues:
For the implementation of the Information Technology Infrastructure Library in the
information security management another key issue is the assessment and the classification of
the information assets. The classification of the informational assets is very much important
in the sense that it allow to identify every aspects of the information by using a standardized
system. Thus it is required to brief assessment and the classification of all the documentations
and information assets.
Technical issues:
The technical implementation related issue of the ITIL in the information security
management is a big issue. The organization need to focus on that for a successful
implementation of the ITIL (Pillai, Pundir & Ganapathy, 2014). The main reason behind the
occurrence of this issue is that the ITIL is not a technology itself. The ITIL itself is dependent
on some other technology for its execution. This technological implementations are very
much challenging in the organizations as it might be very much costly to implement or either
it maybe not supported with the current framework of the organization. Thus this dependency
is making the implementation of the ITIL in information security management very much
challenging.
Commitment of the Management:
The commitment of the management is a big success factor for utilizing the ITIL in
the information security management. Also, when the commitment of the management is not
fulfilled then this success factor becomes a key issue for utilizing the ITIL in the information
security management (Bucero & Englund, 2015). The main reason behind the occurrence of

6ITIL FOR INFORMATION SECURITY
this issue is that initially the executive management approve the program of the ITIL but later
the management failed to follow through the ITIL program due to the lack of sponsorship
support. Thus the organization must pay attention to this issue in early stages to determine
that the organization is capable of the maintaining the ITIL properly or not.
Resistance of the ITIL:
The least concerned issues but one of the most important issue is the ITIL resistances.
In most of the cases for the utilization of the ITIL in the information security management
faces various types of resistance in the implementation stage. This resistance occurs due to
the broad organizational change. This organizational changes is required to successfully
utilize the ITIL. In most of the cases the organization refuses to bring this kind of broad
changes in the organisation as it can hamper the normal processes of the organization (Haag
et al., 2013). Thus the resistances brought by the ITIL becomes a key issue in this segment.
Framework of Utilizing ITIL for Information Security Management:
The framework of utilizing the ITIL for the information security follows a basic
structure. According to the ITIL the most important thing for designing the framework is the
comprehensive and calculated approach of the designing, managing, implementing
maintaining and enforcing controls and security enforces (Peltier, 2016). The ITIL suggest to
use the Information Security Management System for the framework implementation and this
Information Security Management System should address the process, peoples, products and
technology and the partners and suppliers. Most of the information technology related
companies seek for the global certification of the ISMS framework which has been
implemented by them (Alavi, Islam & Mouratidis, 2014). This certification is done through
ISO 27001. This suggested framework of the ITIL consists total five key elements which are

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7ITIL FOR INFORMATION SECURITY
the control, plan, implement, evaluate and maintain. In the following section this key
elements will be described briefly.
Control:
The control element of this framework describes that a management framework needs
to be established. This element of the ISMS framework will manage the information security
(Brodin, 2015). With the management of the information security the control element should
also prepare the policies of the for the information security and implement them in the
system. Also, the control element should allocate the responsibilities and establish and
control the documentation. A sub activity of the control is reporting. In the reporting process
the whole process which has been targeted is documented in a specific type of way. In the
control phase there is a concept of the document control which describes how the
management of the security is organised and how it is managed efficiently.
Plan:
In the phase of the planning of the ISMS framework the main responsibilities are
understanding and gathering the requirements for the security of the organization. By
gathering the requirements of the security, recommendations are given in this stage to take
appropriate decisions based on the total allocated budget, corporate cultures and on other
factors (Stoll, Felderer & Breu, 2013). In the process of the planning the goals of the sub-
process are specified in the SLAs in a specific type of form. This form is known as the
operational level agreements. For defining the security plans this operational level
agreements can be used wisely but this operational level agreements can be used for specific
type of organization. With the SLA’s input the sub process of the plans is fully functional
with the policy statements of the service provide. These statements regarding the policies are
defined in the sub process called control.

8ITIL FOR INFORMATION SECURITY
Implement:
The next phase after the planning phase is the implement phase of the ISMS
framework. In this stage the whole determined plan is taken into the action. This process of
the implement helps to ensure that proper safeguards has been taken in this case to properly
execute the created information security policies in the progress (Ifinedo, 2014). In the phase
of the plan the change of measures take place in the cooperation with the process of the
change management.
Evaluate:
This phase is another important phase of the ISMS framework. After successfully
implementing the plans and the policies into the action, it is the time for overseeing the
implemented plans and the policies whether that are working properly or not. This process
will ensure that the systems are totally secure and all the processes of the organization is
running successfully with the compliance of the determined SLAs, policies and with the other
requirements of the security (D'Arcy, Herath & Shoss, 2014). In the phase of the evaluation
there are total three sorts of evaluation. These evaluations are the external audits, internal
audits and the self-assessment. While considering the implementations in an organization
mainly the self-assessment processes has been implemented in the organizations. In the case
of the internal audits, this is done by the IT auditors from the internal (Neu, Everett &
Rahaman, 2013). Independent IT auditors and the external IT auditors take the responsibility
of the external audits. Is has been assessed that most important aspect for the evaluation
phase is verifying the security legislations, monitoring the security of the IT systems and
implementation of the security plans.

9ITIL FOR INFORMATION SECURITY
Maintain:
The last phase of the ISMS framework is the maintain phase. If the implemented
framework of the ISMS is effective enough that means the entire process will continuously
improve with the time. In this phase chances of the improvement in the system will occur
(Whitman & Mattord, 2013). This opportunities of improvement can be taken by revising the
security agreements, SLAs and by improving the monitoring and the control process. This
phase of the starts with service level maintenance agreements and the operational level
maintenance agreements. After this process, the activity of the change request takes the place.
There after the conclusion of the report activity starts in this case. During the maintenance
phase the concept of the Meta data model are either adjusted or created.
Primary Content:
The Information Security Management or the ISM is one of the profound techniques
of management of information in the domain of Information Technology and Information
Systems (Dotcenko, Vladyko & Letenko, 2014). Management of information by the
application of the best methods and activities is one of the key aspects that determines the
wellbeing of an organisation in the corporate sector. Secured Managing of the Information
takes place with the help of a system known as the Information Security Management System
or the ISMS (Soomro, Shah & Ahmed, 2016). The ISMS is a comprehensive set of specific
measures and requirements necessary in assuring the safeguarding and security of the
valuable information, how to do it and the various assets of the company or the organisation
in both the public and the private sector.
According to Information Technology Infrastructure Library, there are six sets of
service management. These six sets can be aligned in the form of service support, service
delivery, plan to implement ISM, ICT infrastructure management, applications management

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

10ITIL FOR INFORMATION SECURITY
and the business perspective. Among all the six sets of the service, management only the first
two items that are the service support and the service delivery. The other sets does not exist at
the moment. Application of ITIL in the in the Information Security Management consists of
ten disciplines that are responsible for the management and the provision of the beneficial
services of Information Technology (Iden & Eikebrokk, 2014). The method of utilizing ITIL
in ISM does not completely signify entirely a brand new approach of thinking and acting and
prefers focussing on the best practice that can be used in diverse ways according to the
requirements such that of placing the existing methods and the activities in the in a structural
form as well as establishing a strong connection between the processes avoiding the lack of
communication and interaction in between the several IT organisations (Cox, 2013).
Process of application of ITIL in organisation:
As per the notion of Information Technology Infrastructure Library, the ISMS is
beneficial for the development of the information security program that is cost effective in
nature for meeting the objectives of the business organisation. This entire set includes the
combination of the people, processes, products and technologies, partners and the suppliers
for ensuring the high levels of security. As stated in the previous section the ITIL uses a basic
framework for the security management of the valuable information within the organisations.
The basic framework of the ITIL includes of five phases. These five phases include the
controlling, planning, implementing, evaluating and maintaining of the various areas in the
organisation. In the controlling phase, the goal is to establish a management framework in
initiating with the process of information security and the structure of the organisation for the
preparation, acceptance and the implementation and the creation of the control of necessary
documentation (Peltier, 2016). The next phase of the framework includes the planning phase.
In this phase the planning mainly focuses mainly on the design and the recommendation of
appropriate security according to the requirements of the organisation. These needs of the

11ITIL FOR INFORMATION SECURITY
organisation are procured from the various types of sources such as the sales of the company
in a particular period of time, the associated service risks that the organisation has faced in
the recent past or about to face in the upcoming days, the different forms of plans and
strategies for the concerned organisation. These needs of the company proves to be critical
for the company in the long term success of the organisation. Along with all these mentioned,
the requirements of the company are also procured from several other sources such as the
Service Level Agreements or the SLA and the Operational Level Agreements or the OLA,
the licit, moral and the ethical responsibility for the secure management of the information of
the concerned organisation. The next phase of the framework of the ITIL for the information
security management is the Implementation phase. In this phase, appropriate processes, tools
and control mechanisms are the main objectives for the implementation of the ISMS to
efficiently support the policy of security. The next phase of the ISM framework is the
evaluation phase. In this phase, the analysis of the strategies applied in the implementation of
the security management for the safeguard off the information of the organisation is done. It
mainly involves the surveillance and control of compliance in respect to the security policies
and security requirements of the accounting of the technical security of the information
systems. There are several cases in the corporate world where the evaluation phase is capable
of providing valuable information to the external regulators and the external auditors who
look after the regular audits of the concerned organisation (Disterer, 2013). The ultimate
phase of the security management framework that is applied by ITIL for securing the
information vaults of the concerned organisation is the maintenance phase. This section of the
security framework aims at trying to improve the security agreement and improving the
application of the various forms of security and controls.

12ITIL FOR INFORMATION SECURITY
Roadmap of ITIL:
Any organisation is extremely benefitted from the utilization of ITIL in the
information security management by strictly abiding by the ITIL roadmap. There are certain
steps to the roadmap. The first step to the roadmap is the management and employee
commitment. The next step of the roadmap involves election of the consultants. The next step
to that involves understanding the processes, roles and the functions that are taking place
currently taking place in the system. The step that follow this step is the identification and
understanding of the key customers concerned with the organisation. To be successful in the
implementation of the process of ITIL it is important to construct a project plan that will be
beneficial for the organisation (Miller et al., 2013). The seventh step of the ITIL roadmap
involves redesigning of the processes to stick to the standards of the ITIL. The eighth step of
the process includes the appropriate selection of the ITIL tool. The next two steps of the
roadmap involves the training of the employees in regard to the transition plan and designing.
The penultimate step of the roadmap involves the implementation of the ITIL processes and
the technology in respect to the Information Security Management (Ahmad et al., 2013). An
ITIL implementation in the organisation is only successful with the evaluation of the
implementation. The ultimate step of the roadmap includes evaluation of the whole process
and improve accordingly.
Critical Success Factors:
The ITIL has become an important standard in the field of the IT services. It is agreed
by most of the companies that the implementation and management of the ITIL in their
organization was very much challenging and not all the processes of the ITIL provide equal
value to them. Thus it has become very much important for the organizations to determine
that which factors will help them to understand whether the managing of the ITIL will be

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

13ITIL FOR INFORMATION SECURITY
successful or not. In the following section the critical success factors for the IITL
management will be evaluated.
Support of the Management:
The management support is a crucial success factor for the management of ITIL in the
organization for the information security management. The management support holds some
crucial significance. The management support guarantees the funding adjustment for training
(Vassilev et al., 2014), tools and consultancy. It also helps to trigger the communication
among the stakeholders. Thus by proper communication it ensures the success factor for the
ITIL management.
Training and awareness about ITIL:
The training on the ITIL and the awareness about the ITIL is another critical success
factor for the ITIL management (Salas et al., 2017). Knowledge about the ITIL
documentation can effectively help the employees to manage the ITIL in the organisation and
the awareness will reduce the resistance among the employees.
Interdepartmental Collaboration:
The interdepartmental collaboration is another critical success factor as this
maximizes the communication and the knowledge sharing in the organization for better
management of the ITIL for information security management (Von Solms & Van Niekerk,
2013). This is also able to minimize the project implementation risks due to running
overtime.
Selection of Tools:
The proper tool selection can help the organization to manage the ITIL effectively in
their organization for the information security management. The proper tools can make the

14ITIL FOR INFORMATION SECURITY
management process of the ITIL easier. Thus selection of the proper tool is very much
important and a critical success factor for the management of ITIL in the organization.
Customer Orientation:
Customer orientation delivers proactive processes of the IT (Korschun, Bhattacharya
& Swain, 2014). This processes are very much effective for managing the ITIL for the
information security management.
Design and Implementation Strategy:
For managing the ITIL system in the organization first the implementation of this
system must be effective so that it becomes easy to handle and manage (Rubin, 2017). This
design and implementation strategy delivers proper applications for an effective
implementation of the ITIL within the organization.
Quality of the allocated IT staffs for the ITIL:
Quality is an important factor for the management of the ITIL. Improving the quality
of the IT staffs allocated for the ITIL will positively impact the collaboration and the
communication (Makarios et al., 2016). Thus it will smoother the management of the ITIL in
the organization and for this reason quality of the IT staffs is a crucial success factor.
Evaluation and Monitoring of the ITIL Management:
This factor of the evaluation and monitoring of the ITIL management is another
crucial factor because it can affect the attitude towards the usage of the ITIL (Willcocks,
2013). Also, it is very much essential for the organization to bring continuous improvement
program which is very much needed for the effective management of the ITIL.

15ITIL FOR INFORMATION SECURITY
Conclusion:
From the above discussion it can be concluded that the ITIL is very much effective in
improving the efficiency of the information security management. The measures of the
information security are increasing steadily in the aspect of the complexity, importance and
the scope. It becomes very much risky, inefficient and expensive for the organizations to
depend on the home-grown processes and on the cobbled together for their system of
information security. In such of the cases the ITIL can replace this processes with integrated
and standardised process which are based on the best practices. Some of the external effort is
required in this case to improve the process how the organizations will manage and
implement the information security. It has been assessed from the article that ITIL breaks the
whole structure of the information security in four sub categories. These are the policies,
processes, procedures and the instructions for competition of the work. Polices describes the
general objective that the organization is trying to achieve. Processes described what need to
be done for achieving the objectives. Procedures described the responsibilities of the
individuals and when the objectives will be achieved. The instructions for the work provided
instruction for successful completion of the work.
Critical factors for getting the success in the ITIL utilization for information security
management has been discussed thoroughly in this paper. In this paper there are total number
of eight numbers of critical success factors has been addressed properly. This eight critical
success factors were identified by the synthesization of the ITIL. The organizations needed to
approach the initiative of the ITIL with understanding that clears the operation methods of the
organization. This understanding is required because the implementation technique of the
ITIL requires more skills than only having the knowledge about the ITIL. The involvement of
the ITIL with every individual and organization requires the change in the culture of the
organization.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

16ITIL FOR INFORMATION SECURITY

17ITIL FOR INFORMATION SECURITY
References:
Ahmad, N., Tarek Amer, N., Qutaifan, F., & Alhilali, A. (2013). Technology adoption model
and a road map to successful implementation of ITIL. Journal of Enterprise
Information Management, 26(5), 553-576.
Alavi, R., Islam, S., & Mouratidis, H. (2014, June). A conceptual framework to analyze
human factors of information security management system (ISMS) in organizations.
In International Conference on Human Aspects of Information Security, Privacy, and
Trust (pp. 297-305). Springer, Cham.
Arasu, A., Eguro, K., Joglekar, M., Kaushik, R., Kossmann, D., & Ramamurthy, R. (2015,
April). Transaction processing on confidential data using cipherbase. In Data
Engineering (ICDE), 2015 IEEE 31st International Conference on (pp. 435-446).
IEEE.
Brodin, M. (2015). Combining ISMS with strategic management: the case of BYOD. In 8th
IADIS International Conference on Information Systems 2015, 14–16 March,
Madeira, Portugal (pp. 161-168). IADIS Press.
Bucero, A., & Englund, R. L. (2015, October). Project sponsorship: Achieving management
commitment for project success. Project Management Institute.
Cox, D. S. (2013). Factors Influencing Adoption of Information Technology Infrastructure
Library: Utilizing the Technology Acceptance Model (TAM). ProQuest LLC.
D'Arcy, J., Herath, T., & Shoss, M. K. (2014). Understanding employee responses to stressful
information security requirements: A coping perspective. Journal of Management
Information Systems, 31(2), 285-318.

18ITIL FOR INFORMATION SECURITY
Disterer, G. (2013). ISO/IEC 27000, 27001 and 27002 for information security
management. Journal of Information Security, 4(02), 92.
Dotcenko, S., Vladyko, A., & Letenko, I. (2014, February). A fuzzy logic-based information
security management for software-defined networks. In Advanced Communication
Technology (ICACT), 2014 16th International Conference on(pp. 167-171). IEEE.
Esteves, R., & Alves, P. (2013). Implementation of an information technology infrastructure
library process–the resistance to change. Procedia Technology, 9, 505-510.
Haag, S., Born, F., Kreuzer, S., & Bernius, S. (2013, September). Organizational resistance to
e-invoicing–Results from an empirical investigation among SMEs. In International
Conference on Electronic Government (pp. 286-297). Springer, Berlin, Heidelberg.
Iden, J., & Eikebrokk, T. R. (2014). Exploring the relationship between information
technology infrastructure library and process management: theory development and
empirical testing. Knowledge and Process Management, 21(4), 292-306.
Ifinedo, P. (2014). Information systems security policy compliance: An empirical study of the
effects of socialisation, influence, and cognition. Information & Management, 51(1),
69-79.
Korschun, D., Bhattacharya, C. B., & Swain, S. D. (2014). Corporate social responsibility,
customer orientation, and the job performance of frontline employees. Journal of
Marketing, 78(3), 20-37.
Laudon, K. C., & Laudon, J. P. (2016). Management information system. Pearson Education
India.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

19ITIL FOR INFORMATION SECURITY
Makarios, M., Lovins, L., Latessa, E., & Smith, P. (2016). Staff quality and treatment
effectiveness: An examination of the relationship between staff factors and the
effectiveness of correctional programs. Justice Quarterly, 33(2), 348-367.
Miller, A., Campos-Nanez, E., Fomin, P., & Wasek, J. (2013). An IT Infrastructure Library
(ITIL) Maturity Strategy for Private Cloud Sourcing Models: A Literature Review
and Research Methodology Formation. ISICO 2013, 2013.
Neu, D., Everett, J., & Rahaman, A. S. (2013). Internal auditing and corruption within
government: The case of the Canadian Sponsorship Program. Contemporary
Accounting Research, 30(3), 1223-1250.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines
for effective information security management. Auerbach Publications.
Pillai, A. K. R., Pundir, A. K., & Ganapathy, L. (2014). Improving information technology
infrastructure library service delivery using an integrated lean six sigma framework:
A case study in a software application support scenario. Journal of Software
Engineering and Applications, 7(06), 483.
Rubin, R. E. (2017). Foundations of library and information science. American Library
Association.
Salas, E., Prince, C., Baker, D. P., & Shrestha, L. (2017). Situation awareness in team
performance: Implications for measurement and training. In Situational
Awareness (pp. 63-76). Routledge.
Salcito, K., Wielga, C., & Singer, B. H. (2015). Corporate human rights commitments and the
psychology of business acceptance of human rights duties: A multi-industry
analysis. The International Journal of Human Rights, 19(6), 673-696.

20ITIL FOR INFORMATION SECURITY
Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security management needs
more holistic approach: A literature review. International Journal of Information
Management, 36(2), 215-225.
Stoll, M., Felderer, M., & Breu, R. (2013). Information management for holistic,
collaborative information security management. In Emerging Trends in Computing,
Informatics, Systems Sciences, and Engineering (pp. 211-224). Springer, New York,
NY.
Vassilev, I., Rogers, A., Kennedy, A., & Koetsenruijter, J. (2014). The influence of social
networks on self-management support: a metasynthesis. BMC public health, 14(1),
719.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber
security. computers & security, 38, 97-102.
Whitman, M., & Mattord, H. (2013). Management of information security. Nelson Education.
Willcocks, L. (2013). Information management: the evaluation of information systems
investments. Springer.