ITSM and Information Security - Nolan Declan 01 (1)


  • 7/31/2019 ITSM and Information Security - Nolan Declan 01 (1)

    Slide 1/31: ITSM and Information Security: Bridging the Gap

    Declan Nolan, Devoteam UK

  • Slide 2/31: About Devoteam

  • Slide 3/31: Information Security in the news (10/22/2009)

    - Weak security policies
    - Hackers exploiting weak WiFi security
    - Failure in the disposal process
    - Use of unencrypted USB drive
    - Unenforced policy

  • Slide 4/31: Conference Theme

  • Slide 5/31: Overview

  • Slide 6/31: Fundamentals of Information Security

    - Confidentiality: Is the information only accessible by authorised personnel?
    - Integrity: Can we be sure that the information has not been tampered with?
    - Availability: Is the information available when I need it?

  • Slides 7/31 and 8/31: Frameworks for Information Security

  • Slide 9/31: ISO/IEC 27000 Series

    ISO/IEC 27002 has evolved from BS 7799 / ISO 17799.

  • Slide 10/31: ISO/IEC 27002 Sections

    - Access Control
    - Information Security Incident Mgmt
    - Asset Management
    - Risk Assessment & Treatment
    - Comms & Ops Mgmt
    - IS Acquisition, Dev & Maint.
    - Security Policy
    - Compliance
    - Organisation of Information Security
    - HR Security
    - Physical & Env. Security
    - Business Continuity Mgmt

  • Slide 11/31: Mapping ITIL to ISO 27002 (ITIL Version 3)

    ITIL v3 processes, by lifecycle stage:

    - Service Design: Service Level Mgmt, Capacity Mgmt, IT Service Continuity Mgmt, Information Security Mgmt
    - Service Transition: Change Mgmt, Service Asset & Config. Mgmt, Release Mgmt, Service Validation & Testing
    - Service Operation: Request Fulfilment, Access Management, Event Mgmt, Incident Management, Problem Mgmt

    ISO/IEC 27002 sections (as on slide 10): Access Control; Information Security Incident Mgmt; Asset Management; Risk Assessment & Treatment; Comms & Ops Mgmt; IS Acquisition, Dev & Maint.; Security Policy; Compliance; Organisation of Information Security; HR Security; Physical & Env. Security; Business Continuity Mgmt.

    "... to align IT security with business security and ensure that information security is effectively managed in all service and Service Management activities."

    Access Management provides the right for users to be able to use a service or group of services.

    Information security is an integral part of all IT services and all ITSM processes.

  • Slide 12/31: Mapping ITIL to ISO 27002

    [Same ITIL v3 process / ISO 27002 section diagram as slide 11.]

  • Slide 13/31: Mind the Gap

    [Same ITIL v3 process / ISO 27002 section diagram as slide 11.]


  • Slide 15/31: The cost of misalignment

    - Inefficiency
    - Increased risk
    - Conflict
    - Extra cost

  • Slide 16/31: Mapping ITIL to ISO 27002

    [Same ITIL v3 process / ISO 27002 section diagram as slide 11.]

  • Slide 17/31: Mapping ITIL to ISO 27002

    [Same ITIL v3 process / ISO 27002 section diagram as slide 11.]

  • Slide 18/31: Overlaps and Integrations

    IT Service Management (ITIL v3) and Security Management (ISO 2700x)

  • Slide 19/31: Overlaps and Integrations

    Integration area          ITIL v3 (IT Service Management)    ISO 2700x (Security Management)
    Identity & Access Mgmt    Access Mgmt                        Access Control
    Incident Mgmt             Incident & Problem Mgmt            Information Security Incident Mgmt
    Asset & Config. Mgmt      Service Asset & Config. Mgmt       Asset Mgmt
    -                         Change Mgmt                        Risk Assessment & Treatment

  • Slide 20/31: Asset & Configuration Management

    [Same overlaps diagram as slide 19, highlighting Asset & Config. Mgmt: Service Asset & Config. Mgmt (ITIL v3) and Asset Mgmt (ISO 2700x).]

  • Slides 21/31 to 23/31 (builds): Asset & Configuration Management

    CMDB:

    - Record information assets in CMDB
    - Relate information CIs to infrastructure CIs
    - Record roles in the CMDB and link to people & information assets

    Enhanced attributes:

    - Data classification (sensitivity & impact)
    - Information Asset Owner (IAO)
    - Risks (Threats & Vulnerabilities)
    - Risk owner

    Roles

  • Slide 24/31: Incident Management

    [Same overlaps diagram as slide 19, highlighting Incident Mgmt: Incident & Problem Mgmt (ITIL v3) and Information Security Incident Mgmt (ISO 2700x).]

  • Slide 25/31: Incident Management

    Incident & Problem Mgmt (ITIL v3) and Information Security Incident Mgmt (ISO 2700x)

    Consolidated Incident Management System: workflows, reporting, assignment, SLAs, etc.

    Problem Management

    - Consolidate security incident management
    - Relate to infrastructure (information assets / CIs)
    - Apply problem management processes to security

    Links: CMDB, Roles

  • Slide 26/31: Change Management and Risk Assessment

    [Same overlaps diagram as slide 19, highlighting Change Mgmt (ITIL v3) and Risk Assessment & Treatment (ISO 2700x).]

  • Slide 27/31: Change Management and Risk Assessment

    Changes and Risks:

    - Utilise existing risk assessment approach (e.g. ISO/IEC 27005) for Changes
    - Analyse Changes in relation to risks to information assets
    - Link Changes to initiating risk assessments

    Links: CMDB, Roles
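    The CMDB extensions of slides 21 to 23 (information assets as CIs with classification, IAO, risks and risk owner, related to infrastructure CIs) and the change analysis of slide 27 can be modelled together. The following is an added illustration, not code from the talk or from Devoteam; the CI names, people and risks are constructed sample data, and the "non-public or carries a risk" rule that triggers a risk assessment is an assumed policy.

```python
# Added illustration: a minimal CMDB with the security attributes the slides
# describe, plus change impact analysis against risks to information assets.
# All CIs, owners and risks below are constructed sample data (assumption).
from dataclasses import dataclass, field


@dataclass
class CI:
    name: str
    kind: str                       # "infrastructure" or "information"
    depends_on: list = field(default_factory=list)  # infrastructure CIs relied on
    classification: str = "public"  # data classification (sensitivity)
    impact: str = "low"             # business impact if compromised
    iao: str = ""                   # Information Asset Owner (role)
    risks: list = field(default_factory=list)       # (threat/vulnerability, risk owner)


def build_cmdb():
    """Constructed sample CMDB: two infrastructure CIs and two information CIs."""
    db = CI("db-server-01", "infrastructure")
    web = CI("web-frontend-01", "infrastructure", depends_on=["db-server-01"])
    payroll = CI("payroll-records", "information", depends_on=["db-server-01"],
                 classification="confidential", impact="high", iao="HR Director",
                 risks=[("unencrypted backup media", "Head of IT Ops")])
    intranet = CI("intranet-news", "information", depends_on=["web-frontend-01"])
    return {ci.name: ci for ci in (db, web, payroll, intranet)}


def affected_information_assets(cmdb, changed_ci):
    """Follow the CI dependency links to find every information CI resting on changed_ci."""
    affected, frontier = set(), {changed_ci}
    while frontier:
        current = frontier.pop()
        for ci in cmdb.values():
            if current in ci.depends_on and ci.name not in affected:
                affected.add(ci.name)
                frontier.add(ci.name)  # keep walking through intermediate infrastructure CIs
    return sorted(n for n in affected if cmdb[n].kind == "information")


def analyse_change(cmdb, changed_ci):
    """Decide whether a change must initiate a risk assessment and who is consulted.
    Assumed policy: any affected non-public asset, or one with a recorded risk, triggers it."""
    assets = affected_information_assets(cmdb, changed_ci)
    needs_assessment = any(cmdb[a].classification != "public" or cmdb[a].risks for a in assets)
    consult = sorted({cmdb[a].iao for a in assets if cmdb[a].iao} |
                     {owner for a in assets for _, owner in cmdb[a].risks})
    return {"change_to": changed_ci, "assets": assets,
            "risk_assessment_required": needs_assessment, "consult": consult}


if __name__ == "__main__":
    print(analyse_change(build_cmdb(), "db-server-01"))
```

    A change to db-server-01 reaches payroll-records directly and intranet-news via web-frontend-01, so the assessment is required and both the IAO and the risk owner are listed; a change to web-frontend-01 alone touches only the public intranet asset and needs none.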

  • Slide 28/31: Identity & Access Management

    [Same overlaps diagram as slide 19, highlighting Identity & Access Mgmt: Access Mgmt (ITIL v3) and Access Control (ISO 2700x).]


  • Slide 31/31: Useful Links and Sources

    - Everything you wanted to know about ISO 27000 series: www.iso27001security.com
    - ITIL v3 Service Design & Service Operation books
    - ITGI, Aligning COBIT 4.1, ITIL V3 and ISO/IEC 27002 for Business Benefit: http://www.itgi.org/Template_ITGI.cfm?Section=Recent_Publications&Template=/ContentManagement/ContentDisplay.cfm&ContentID=45948
    - ISACA, Information Systems Audit and Control Organisation: www.isaca.org
    - Contact me: [email protected]

    10/22/2009
