Skip Links

Network World

  • Social Web 
  • Email 
  • Close

ITIL takes on security management role

Implementing ITIL process improvements said to mitigate enterprise risk
By Denise Dubie , Network World , 12/06/2007

Long touted for streamlining processes and reducing operating costs, the ITIL best-practices framework also helps mitigate enterprise risk, say its adopters.

This week at the IDC IT Service Management and ITIL Forum in New York, analysts and enterprise ITIL adopters discussed how process improvements now are providing security benefits. A November survey of more than 300 companies by IDC revealed that security had surpassed improved availability and lowered costs as a main driver for adopting the best practices laid out in ITIL.

Specifically, some 56% of survey respondents indicated security as a motivation for ITIL, close to 50% said they wanted to lower costs and about 47% thought ITIL would help improve availability at their organizations. More than 45% said problem-solving was a driver for rolling out process improvements, and nearly 45% indicated that reducing errors was a top driver for ITIL adoption.

"Any type of process standard going forward will give you a chance to set policies and processes around security," said Fred Broussard, research manager of PC and device management software at IDC, during a presentation at the one-day event, which drew more than 100 attendees. "For instance, you can ensure only authorized users gain access and better guarantee unauthorized access doesn't happen."

The survey response might indicate a growing need among enterprise companies to better secure corporate data and information, considering processes around security information management (compare products) have been incorporated into ITIL Version 3, which was released earlier this year.  Dave Howard, national business technology manager for Toyota Financial Services (TFS) in Torrance, Calif., explained to forum attendees how security policy creation and governance has been incorporated into the upgrade and how TFS has created a Security Center of Excellence and an Office of Privacy that align with some of the recommendations in the best practices framework.

"It is important to do security management," Howard said. He also explained how TFS incorporated security into his service design package process, in which models of a service are built and multiple criteria are taken into account. For instance, throughout the process of creating a service, his team has to determine the service's ROI,  as well as which security requirements are necessary to deliver it. "For every new release we plan to push out into the environment, we also create a risk model," he said.

Partner Content

NetScout is one of the world's premier providers of integrated network and application performance solutions.

www.netscout.com

Know First

Get Proactive — Move from Troubleshooting to Monitoring to Management with nGenius K2's Service Dashboard & Intelligent Early Warning Alarms

Watch the Video

Know Where

Get Rapid Performance Problem Isolation with nGenius Performance Manager and Diagnose Problems up to 70% Faster!

Learn More

Know Why

Get the Details to Validate and Solve your Toughest Performance Issues with nGenius InfiniStream and Sniffer Intelligence Modules

Read the Whitepaper

Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to moderator approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed
Save The Date!
What They Are Saying

IBM spent all that money on a mass rollout of PGP Whole Disk Encryption, just when its discovered that...- Anonymous

Join the Discussion