IT Security Management

Why Trust Techopedia

What Does IT Security Management Mean?

IT security management (ITSM) intends to guarantee the availability, integrity and confidentiality of an organization’s data, information and IT services. IT Infrastructure Library (ITIL) security management generally forms part of an organizational strategy to security management that has a broader scope compared to an IT service provider.


ITIL v3 considers IT security management as part of their service design core volume, which results in a more effective integration of this process into the service life cycle. An information security manager is the process owner of IT security management.

Techopedia Explains IT Security Management

The following are information management sub-processes and process objectives:

  • Designing security controls: To design suitable organizational and technical measures to guarantee the availability, integrity and confidentiality of an organization’s data, information and IT services
  • Security testing: To ensure that all security mechanisms are subjected to regular testing
  • Managing security incidents: To identify and fight intrusions and attacks and also to minimize damages incurred due to security breaches
  • Security review: To review whether the safety measures and processes are still in accordance with risk perceptions from the business side, and also to validate whether these safety measures and processes are consistently managed and tested

The ITIL terms and information objects that are widely used in the security management process in order to signify process inputs and outputs are as follows:

  • Availability/IT service continuity management (ITSCM)/security testing schedule
  • Correlation rules and event filtering
  • Information security policy
  • Information security report
  • Security management information system (SMIS)
  • Test report
  • Underpinning Information security policy
  • Security advisories
  • Security alert

Related Terms

Margaret Rouse
Senior Editor
Margaret Rouse
Senior Editor

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.