IT Security Management (ITSM)
Definition - What does IT Security Management (ITSM) mean?
IT security management (ITSM) intends to guarantee the availability, integrity and confidentiality of an organization's data, information and IT services. IT Infrastructure Library (ITIL) security management generally forms part of an organizational strategy to security management that has a broader scope compared to an IT service provider.
ITIL v3 considers IT security management as part of their service design core volume, which results in a more effective integration of this process into the service life cycle. An information security manager is the process owner of IT security management.
Techopedia explains IT Security Management (ITSM)
The following are information management sub-processes and process objectives:
- Designing security controls: To design suitable organizational and technical measures to guarantee the availability, integrity and confidentiality of an organization's data, information and IT services
- Security testing: To ensure that all security mechanisms are subjected to regular testing
- Managing security incidents: To identify and fight intrusions and attacks and also to minimize damages incurred due to security breaches
- Security review: To review whether the safety measures and processes are still in accordance with risk perceptions from the business side, and also to validate whether these safety measures and processes are consistently managed and tested
The ITIL terms and information objects that are widely used in the security management process in order to signify process inputs and outputs are as follows:
- Availability/IT service continuity management (ITSCM)/security testing schedule
- Correlation rules and event filtering
- Information security policy
- Information security report
- Security management information system (SMIS)
- Test report
- Underpinning Information security policy
- Security advisories
- Security alert