ITIL Security Management - The Security Management Process

The Security Management Process

The security management process consists of activities that are either carried out by security management itself or controlled by security management.

Because organizations and their information systems constantly change, the activities within the security management process must be revised continuously, in order to stay up-to-date and effective. Security management is a continuous process and it can be compared to W. Edwards Deming's Quality Circle (Plan, Do, Check, Act).

The inputs are the requirements formed by the clients. The requirements are translated into security services and security quality that need to be provided in the security section of the service level agreements. As you can see in the picture, there are arrows going both ways: from the client to the SLA and from the SLA to the client, and from the SLA to the plan sub-process and from the plan sub-process to the SLA. This means that both the client and the plan sub-process have inputs in the SLA, and the SLA is an input for both the client and the process. The provider then develops the security plans for its organization. These security plans contain the security policies and the operational level agreements. The security plans (Plan) are then implemented (Do), and the implementation is then evaluated (Check). After the evaluation, both the plans and the implementation of the plans are maintained (Act).

The activities, results/products and the process are documented. External reports are written and sent to the clients. The clients are then able to adapt their requirements based on the information received through the reports. Furthermore, the service provider can adjust their plan or the implementation based on their findings in order to satisfy all the requirements stated in the SLA (including new requirements).
