As information technology falls within the scope of governance, management needs to focus on it. There are two fundamental elements of effective management of risk in information and information technology: the first relates to a company's strategic deployment of information technologies to achieve its corporate objectives; the second relates to risks to those resources themselves. IT systems represent investments of executive and financial resources. The manner in which they are planned, managed and measured should therefore be an integral management responsibility, as should the manner in which risks related to information assets themselves are handled.
ITIL is particularly weak where data security management is concerned – the ITIL book on information security does no more than refer to a now very obsolete version of ISO 17799, the data security code of practice. The emergence of the Global IT Service Management ISO 27001 and Information Security Management (ISO20000) standards changes all this. They make it possible for businesses which have successfully implemented an ITIL environment to be certificated as using information security and IT service management processes that meet an international standard; organizations that demonstrate – to clients and prospective customers – the high quality and security of their IT services and data security processes achieve substantial competitive benefits.
Information Security Risk
The value of an information security standard may be more obvious to the practitioner than that of an IT service management one. The proliferation of increasingly complex, complicated and international threats to data security, in conjunction with the compliance needs of a flood of computer- and privacy-related regulation around the world, is forcing organizations to take a more strategic view of information security. It is now clear that hardware-, software- or vendor-driven solutions to individual information security challenges are, on their own, dangerously inadequate. ISO/IEC 27001 (formerly BS7799) helps organizations take the step to systematically controlling and managing risk to their data assets.
IT Process Risk
IT must be managed to support the business or it will disrupt business processes and undermine business activity. IT management, of course, has its own procedures – and many of these procedures are common to several sectors and to organizations of all sizes. Processes deployed to manage the IT organization itself need both to be effective and to make sure that the IT organization delivers against business requirements. IT service management is a concept that embraces the notion that the IT organization (known, in ISO/IEC 20000 as in ITIL, as the service provider) exists to provide solutions to business users, in accordance with business demands, and to ensure the most cost-effective utilization of IT assets within that overall context. The IT Infrastructure Library, ITIL, emerged as a set of best practices which may be utilized in organizations. The IT service management standard ISO 27001 courses provide.