During discussions with clients about their approach to managing IT services, many organizations refer to the Information Technology Infrastructure Library (ITIL) practices as a key component of their approach.
This is not surprising, as the ITIL framework provides a practical methodology for IT management, enabling the use of technology to align with business needs. By prioritizing business goals over technology-centric standards, ITIL can be readily applied to a broad range of infrastructure environments, driving continuous improvement and enhancing operational stability.
In the fast-moving IT industry, and especially the cybersecurity arena, few things remain static for long. Although the ITIL framework originated in the late 1980s, it has undergone numerous changes, leading to the current version, ITIL 4. This evolution has introduced more benefits for an organization that seeks to offer a consistent approach to planning, delivering, and supporting IT services. ITIL also benefits organizational processes through improved customer relations, reduced business risk by minimizing service disruptions or failures, and a framework for supporting business changes while maintaining stability. ITIL also provides cost-effective measures for managing IT services.
ITIL Security Management Planning
ITIL's Security Management Planning sub-process is a key recommendation within the ITIL framework for managing IT services and is largely derived from the practices contained within the ISO/IEC 27001 standard. It identifies several key recommendations:
- Identify and assess security risks – Regular security risk assessments will identify potential security threats and vulnerabilities to the organization's information assets.
- Develop security policies and procedures – Manage and mitigate identified security risks with written policies. These documents should be based on industry best practices, and should be reviewed and updated regularly.
- Implement and manage security controls – Technical and non-technical security controls can safeguard the organization's information assets. Examples of technical controls include firewalls, intrusion detection systems, and encryption, while non-technical controls include access controls, user awareness training, and incident response planning.
- Monitor and report security incidents – Timely identification and remediation will minimize damage. This includes the use of security monitoring tools and security incident response procedures.
- Continuously improve security – This will keep your organization current with the latest vulnerabilities, threats, and exploits.
By following these recommendations, organizations can establish a comprehensive security management program that supports their business objectives and helps to protect their information assets.
Tools for Security Management Planning
Fortunately, many of the requirements for achieving the controls specified in ITIL can be fulfilled using existing tools. For example, for ITIL's Security Management Planning sub-process to “ensure the proper implementation of specified security measures,” Tripwire Enterprise’s change auditing features can provide assistance by verifying the configurations of individual monitored devices against pre-defined goals, such as capturing access controls on a new server's file system to confirm they align with any expected security hardening.
Tripwire Enterprise's built-in reporting capabilities can also support implementation documentation by rapidly running comparisons between monitored devices, highlighting unexpected configuration changes and enabling swift corrective action. ITIL's change management processes provide additional value by ensuring that changes are appropriately assessed and approved to reduce the risk of issues. While some may perceive change management as an obstacle to progress due to increased processing times, ITIL encourages a mature approach that emphasizes minimizing disruption, reducing the need for back-out activities, and optimizing resource allocation for changes.
A well-managed change process can focus on these three aspects to attain a successful outcome. One practical approach observed in the real world involves treating these three requirements as agenda items for every change, resulting in a track record of successfully implemented changes. Tripwire Enterprise's change audit functionality can aid in ensuring that approved changes align with their respective requests. Additionally, the Tripwire Enterprise Integration Framework App can integrate with change management systems such as Remedy or ServiceNow to close the loop on approved changes, providing peace of mind to organizations.
Beyond Change Management – Continuous Improvement
Beyond the world of change management, you may also want to consider how best to approach making continuous security improvements. Continuous improvement of network security is an essential process for protecting an organization's information assets. While there are many different approaches to this, two key points are:
- Conduct regular security assessments: Regular security assessments, including vulnerability scans and penetration testing, can help identify potential security gaps or weaknesses in your network.
- Keep software up to date: Make sure that all software, including operating systems, applications, and security tools, is kept up to date with the latest security patches and updates.
Again, Tripwire tools are well placed to help you here. Tripwire IP360 is an excellent vulnerability management tool, enabling you to perform regular, automated scans to help identify any gaps and out-of-date software versions. This leaves time for you and your team to focus on remediating any discovered vulnerabilities.
By adopting ITIL's practices in daily operations, businesses can realize significant benefits in IT service management. Tripwire Enterprise's toolset can help a company on its journey towards a mature ITIL-based environment.