Effective Information Security Management (ISM)
Applying ITIL, ISO/IEC 20000 and ISO/IEC 27000
A new paper by Jim Clinch provides a useful overview of the best practices and standards relevant to those looking to improve standards of information security in their organisations.
It is good at explaining where information security fits within ITIL, and it describes what is in the pipeline for the ISO/IEC 27000 family of standards.
Jim argues for a business-based approach, and provides a checklist of 9 steps:
1. Produce, maintain, distribute and enforce an Information Security Policy
2. Understand the current business security policy and plans
3. Understand and agree current and future business security requirements
4. Implement security controls that support the Information Security Policy
5. Document all security controls and their operation, maintenance and associated risks
6. Manage suppliers and contracts in respect of access to systems and services
7. Manage all security breaches and incidents
8. Proactively improve security controls and security risk management
9. Ensure security aspects are integrated into all other ITSM processes
>> Download Jim’s Paper - ITIL v3 and Information Security (PDF - 1.89Mb)
Blogalot June 2009
information security — October 13, 2009 @ 11:44 am
Nice post!!!
Good thoughts and a nice blog. Thanks for the great information …