
ITSM and Information Security

Bridging the Gap


Declan Nolan, Devoteam UK

About Devoteam

www.devoteam.co.uk

Information Security in the news


10/22/2009

- Weak security policies
- Hackers exploiting weak WiFi security
- Failure in the disposal process
- Use of unencrypted USB drive
- Unenforced policy

Conference Theme


Overview


Fundamentals of Information Security


Confidentiality
Is the information only accessible by authorised personnel?

Integrity
Can we be sure that the information has not been tampered with?

Availability
Is the information available when I need it?


Frameworks for Information Security


ISO/IEC 27000 Series

ISO/IEC 27002 has evolved from BS 7799 / ISO 17799


ISO/IEC 27002 Sections


- Risk Assessment & Treatment
- Security Policy
- Organisation of Information Security
- Asset Management
- HR Security
- Physical & Env. Security
- Comms & Ops Mgmt
- Access Control
- IS Acquisition, Dev & Maint.
- Information Security Incident Mgmt
- Business Continuity Mgmt
- Compliance


Mapping ITIL to ISO 27002


ITIL Version 3

Service Design: Service Level Mgmt, Capacity Mgmt, IT Service Continuity Mgmt, Information Security Mgmt
Service Transition: Change Mgmt, Service Asset & Config. Mgmt, Release Mgmt, Service Validation & Testing
Service Operation: Event Mgmt, Incident Management, Request Fulfilment, Problem Mgmt, Access Management

ISO/IEC 27002

Risk Assessment & Treatment, Security Policy, Organisation of Information Security, Asset Management, HR Security, Physical & Env. Security, Comms & Ops Mgmt, Access Control, IS Acquisition, Dev & Maint., Information Security Incident Mgmt, Business Continuity Mgmt, Compliance

Information Security Mgmt: to align IT security with business security and ensure that information security is effectively managed in all service and Service Management activities.

Information security is an integral part of all IT services and all ITSM processes.

Access Management: provides the right for users to be able to use a service or group of services.

Mind the Gap

- Strategy
- Development
- Operations
- Risk
- Organisation


The cost of misalignment

- Inefficiency
- Increased risk
- Conflict
- Extra cost


Overlaps and Integrations


IT Service Management (ITIL v3) | Overlap / integration      | Security Management (ISO 2700x)
Service Asset & Config. Mgmt    | Asset & Config. Mgmt       | Asset Mgmt
Incident & Problem Mgmt         | Incident Mgmt              | Information Security Incident Mgmt
Change Mgmt                     |                            | Risk Assessment & Treatment
Access Mgmt                     | Identity & Access Mgmt     | Access Control


Asset & Configuration Management


Asset & Config. Mgmt

- Record information assets in CMDB
- Relate information CIs to infrastructure CIs
- Record roles in the CMDB and link to people & information assets

Enhanced attributes:
- Data classification (sensitivity & impact)
- Information Asset Owner (IAO)
- Risks (Threats & Vulnerabilities)
- Risk owner

CMDB
Roles


Incident Management
Incident & Problem Mgmt (ITIL) - Incident Mgmt - Information Security Incident Mgmt (ISO 27002)

- Consolidate security incident management
- Relate to infrastructure (information assets/CIs)
- Apply problem management processes to security

Consolidated Incident Management System: workflows, reporting, assignment, SLAs etc.
Problem Management
CMDB
Roles


Change Management and Risk Assessment


Change Mgmt (ITIL) - Risk Assessment & Treatment (ISO 27002)

- Utilise existing risk assessment approach for Changes (e.g. ISO/IEC 27005)
- Analyse Changes in relation to risks to information assets
- Link Changes to initiating risk assessments

Changes - Link - Risks
CMDB
Roles
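An added, illustrative example (not Devoteam's or any vendor's tooling) of the two integrations described on the Asset & Configuration Management and Change Management slides: information-asset CIs carry the enhanced attributes (classification, IAO, risks, risk owner) and are related to the infrastructure CIs that host them, so a Change against an infrastructure CI can be linked back to the affected assets and their risk assessments. The CMDB extract, CI ids and roles are constructed sample data.

```python
from dataclasses import dataclass

# Constructed, hypothetical CMDB extract. Information assets are CIs with the
# "enhanced attributes" from the deck and are related to the infrastructure
# CIs that host them and to the roles (IAO, risk owner) recorded in the CMDB.

@dataclass
class Risk:
    risk_id: str
    threat: str
    vulnerability: str
    risk_owner: str          # role recorded in the CMDB

@dataclass
class InfoAsset:
    name: str
    classification: str      # sensitivity: Public < Internal < Confidential
    impact: str              # High / Medium / Low
    iao: str                 # Information Asset Owner role
    hosted_on: list          # infrastructure CI ids this asset depends on
    risks: list              # Risk records from the asset's risk assessment

SENSITIVITY = {"Public": 0, "Internal": 1, "Confidential": 2}

CMDB = [
    InfoAsset("customer-records", "Confidential", "High", "Head of Sales",
              ["db-srv-01", "fw-01"],
              [Risk("R-7", "Data theft", "Unpatched DBMS", "CISO")]),
    InfoAsset("staff-handbook", "Internal", "Low", "HR Manager",
              ["fs-01"], []),
]

def impacted_assets(changed_cis):
    """Walk the CI relationships: which information assets depend on a changed CI?"""
    touched = set(changed_cis)
    return [a for a in CMDB if touched & set(a.hosted_on)]

def assess_change(change_id, changed_cis):
    """Link a Change to the risk assessments of the information assets it affects,
    so the change record carries the classification, risks and roles to consult."""
    hits = impacted_assets(changed_cis)
    risks = [r for a in hits for r in a.risks]
    top = max(hits, key=lambda a: SENSITIVITY[a.classification], default=None)
    return {
        "change": change_id,
        "affected_assets": [a.name for a in hits],
        "highest_classification": top.classification if top else None,
        "linked_risks": [r.risk_id for r in risks],
        "consult": sorted({a.iao for a in hits} | {r.risk_owner for r in risks}),
    }

if __name__ == "__main__":
    print(assess_change("CHG-1001", ["db-srv-01"]))
```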


Identity & Access Management


Access Mgmt (ITIL) - Identity & Access Mgmt - Access Control (ISO 27002)

- Use Enterprise Role Management as a starting point
- Integrate user provisioning tools with Service Request Management
- Define an IAM strategy and roadmap

Enterprise Role Management
Provisioning and SRM integration
IAM Strategy


In Summary
- A combined ITSM and information security approach will add value
- Be pragmatic: focus on some key areas initially
- Look to integrate technology in order to facilitate process integration


Useful Links and Sources



Everything you wanted to know about the ISO 27000 series
www.iso27001security.com

ITIL v3 Service Design & Service Operation books

ITGI: Aligning COBIT 4.1, ITIL V3 and ISO/IEC 27002 for Business Benefit
http://www.itgi.org/Template_ITGI.cfm?Section=Recent_Publications&Template=/ContentManagement/ContentDisplay.cfm&ContentID=45948

ISACA: Information Systems Audit and Control Organisation
www.isaca.org

Contact me: declan.nolan@devoteam.com

