IT Security Management

Why Trust Techopedia

What Does IT Security Management Mean?

IT security management (ITSM) intends to guarantee the availability, integrity and confidentiality of an organization’s data, information and IT services. IT Infrastructure Library (ITIL) security management generally forms part of an organizational strategy to security management that has a broader scope compared to an IT service provider.

Advertisements

ITIL v3 considers IT security management as part of their service design core volume, which results in a more effective integration of this process into the service life cycle. An information security manager is the process owner of IT security management.

Techopedia Explains IT Security Management

The following are information management sub-processes and process objectives:

  • Designing security controls: To design suitable organizational and technical measures to guarantee the availability, integrity and confidentiality of an organization’s data, information and IT services
  • Security testing: To ensure that all security mechanisms are subjected to regular testing
  • Managing security incidents: To identify and fight intrusions and attacks and also to minimize damages incurred due to security breaches
  • Security review: To review whether the safety measures and processes are still in accordance with risk perceptions from the business side, and also to validate whether these safety measures and processes are consistently managed and tested

The ITIL terms and information objects that are widely used in the security management process in order to signify process inputs and outputs are as follows:

  • Availability/IT service continuity management (ITSCM)/security testing schedule
  • Correlation rules and event filtering
  • Information security policy
  • Information security report
  • Security management information system (SMIS)
  • Test report
  • Underpinning Information security policy
  • Security advisories
  • Security alert
Advertisements

Related Terms

Margaret Rouse
Editor

Margaret jest nagradzaną technical writerką, nauczycielką i wykładowczynią. Jest znana z tego, że potrafi w prostych słowach pzybliżyć złożone pojęcia techniczne słuchaczom ze świata biznesu. Od dwudziestu lat jej definicje pojęć z dziedziny IT są publikowane przez Que w encyklopedii terminów technologicznych, a także cytowane w artykułach ukazujących się w New York Times, w magazynie Time, USA Today, ZDNet, a także w magazynach PC i Discovery. Margaret dołączyła do zespołu Techopedii w roku 2011. Margaret lubi pomagać znaleźć wspólny język specjalistom ze świata biznesu i IT. W swojej pracy, jak sama mówi, buduje mosty między tymi dwiema domenami, w ten…