In my previous articles I have covered multiple practices that are useful for the ITIL v4 foundation examination: IT change management, incident management, continual improvement management, service desk, etc. Those are very important topics for the ITIL v4 examination. Alongside those topics, some more practices are also very important in ITIL. I would like to discuss one practice in detail in this article. The ITIL IT security management practice is another important practice in ITIL v4. I will not go through every detail of this practice, but will give you the information required for the ITIL v4 examination. The purpose statement is very important for the ITIL v4 examination.
This article will cover:
What is IT security and IT security management purpose statement?
Purpose of IT security management
What is ITIL IT Security Management?
In this section I would like to give you information about IT security management in detail. IT security management is nothing but fitting security into IT at the organizational level.
The purpose statement for IT security management:
To protect the information needed by the organization
Keyword to remember:
To protect the information
Features of IT Security:
Confidentiality
We need to ensure the confidentiality of the data.
Example: The password should be encrypted.
Integrity
We need to maintain the integrity of applications.
Availability
We need to make sure that the service is available during business hours.
Authentication
There should be a proper authentication mechanism.
Non-Repudiation
It is the assurance that someone cannot deny something.
Different phases of IT security management:
There are the following 3 phases of IT security management.
1. Prevention
2. Detection
3. Correction
Prevention: In this phase the user needs to prevent security threats.
Example: Any brute force attack or cyber attack needs to be prevented.
Detection: Detect attacks on the system.
Example:
If there is any hacking attack, the user needs to check the logs and detect these kinds of attacks before they have a big impact.
Correction: In this phase the user needs to correct security attacks by following a specified approach.
These are the phases of IT security management.