Every network operations center needs to implement standards for the efficient and effective management and control of its people and resources to meet the needs of its users. Upper management in the U.S. has become more aware of the importance of good IT management because of the passage of the Sarbanes-Oxley Act of 2002.

One of the best approaches to running operations is the Information Technology Infrastructure Library (ITIL) established in the 1980s by an agency of the British government, the Central Computer and Telecommunications Agency. Now run by the U.K.’s Office of Government Commerce, the ITIL is “a cohesive set of best practice, drawn from the public and private sectors internationally. It is supported by a comprehensive qualifications scheme, accredited training organizations, and implementation and assessment tools.”

The ITIL includes the following concentrations and the documents are available online:
* Service Support
* Service Delivery
* Planning to Implement Service Management
* Application Management
* ICT Infrastructure Management.
* Security Management
* Software Asset Management
* The Business Perspective: The IS View on Delivering Services to the Business

The titles above mostly cost £95 for the downloadable PDF, £150 for the CD-ROM and £65 for a printed book. A few are less expensive; for example, the Security Management module costs £50 for download and £44.95 for a book (no CD available).

For an excellent overview of the ITIL’s contribution to information security, see the recent article by Steven Weil in SecurityFocus.

In my next article, I’ll discuss a useful little text called “The Visible OPS Handbook” that is based on the ITIL.

M. E. Kabay, PhD, CISSP-ISSMP, is Program Director of the Master of Science in Information Assurance program at Norwich University.