Security management provides a structure for capturing security-related incidents and minimizing the effect of security breaches. The activities within the security management process need to be reviewed and updated regularly to stay current and reliable. Security management is a never-ending task, and it can be compared to Deming's Quality Circle (Plan, Do, Check and Act).
The inputs to this process are the requirements demanded by the clients. These requirements are translated into security programs and into the quality of security that must be delivered, as set out in the security section of the service level agreements (SLA). Both the client and the plan sub-process provide input to the SLA, so the SLA is an input for both the client and the process. The provider then builds the security and safety strategies for its own procedures. These security programs consist of the security guidelines and the operational level agreements. The security programs (Plan) are subsequently applied (Do), and the implementation is then assessed (Check). After the assessment, both the program and the delivery of the program are maintained (Act).
Control
"Control" is the first activity in the security management process. The control sub-process sets up and manages the security management process itself. It specifies the methods, the distribution of tasks, the terms of policy and the management framework.
The security management structure specifies the sub-processes for developing security and safety policies, applying those policies, analyzing them, and converting the outcomes of the analysis into functional programs.
Plan
The plan sub-process consists of tasks that, in collaboration with the service stage procedures, contribute to the information security section of the SLA. It also includes activities related to the underpinning agreements that are specific to information security.
Within the plan sub-process, the objectives set out in the SLA are defined in the form of operational level agreements (OLA). These OLAs are treated as security policies for a particular internal network entity of the service provider.
In addition to the input from the SLA, the plan sub-process also works with the terms of policy of the service provider itself. As stated earlier, these terms of policy are specified in the control sub-process.
The operational level agreements for information security are developed and applied according to ITIL practice. This means there needs to be cooperation with various other ITIL processes. For instance, if security management wants to modify the IT infrastructure in order to achieve optimum security, these modifications can only be carried out through the change management process. Security management provides the input (a request for change) for the modification. The change manager is accountable for the change management process itself.