Due to the increased complexity of IT environments, managing and securing them has become something of a nightmare for IT departments. Consequently, companies are, quite rightly, now turning to best practices to alleviate some of this complexity.
The reality is that best practices provide companies with industry-proven ways to standardise their processes and manage their IT environments. In light of this, it is important that we look at these leading standards, especially highlighting their interoperability and complementary disciplines.
The main standards are as follows: Information Technology Infrastructure Library (ITIL), the British Standard BS15000 (the emerging standard for IT service management, which is based on ITIL methodologies) and ISO 17799 (the global best practice standard for securing business information, which is based on the British Standard BS7799).
These best practices serve as guidelines that enable organisations to mould their processes to fit their own business needs, which in turn require flexible support tools.
ITIL and service management
ITIL is a set of best practices for IT service management that has been evolving since 1989. It began as a set of processes for use by the UK government to improve IT service management and is gaining worldwide acceptance throughout the IT industry as the basis for successful IT service management.
At the core of the library are two volumes on the service management discipline: service support and service delivery, which were rewritten in 2000 - 2001. Security is covered in the security management volume written in 1999.
ITIL service support includes five disciplines that provide flexibility and stability for delivering IT services to the business.
* Incident management
* Problem management
* Change management
* Release management
* Configuration management
ITIL service delivery includes five disciplines that support high-quality and cost-effective IT services for the business.
* Service level management
* Availability management
* Capacity management
* Financial management for IT services
* IT service continuity management
Together the above disciplines help develop the service management capability of an organisation. There are complex interrelationships among all 10 of the service management disciplines as they interact to support the overall objective of making sure the IT infrastructure delivers high levels of service to the business.
BS15000 - Auditing managed service
Complementing ITIL is the BS15000 standard that specifies a set of interrelated management processes that are intended to form the basis of an audit of the managed service.
Importantly, customer relationship management (CRM) is addressed in this standard and is aimed at businesses that require quality service.
The BS15000 standard was launched at the IT Service Management Forum (itSMF) conference in Birmingham, England on 6 November 2000. It also complements the established British Standards Institute (BSI) Code of Practice for IT Service Management, PD0005, and the PD0015 self-assessment workbook.
Used together, BS15000 and PD0005 provide a framework for comprehensive best practices.
ISO 17799 and ITIL security management
Today, security is the most important issue that companies must address in order to realise the benefits of electronic business. Security must ensure a company's valuable resources and intellectual property are protected and that customers feel secure in doing business with the organisation.
ISO 17799 supports the implementation of security in several ways:
* It defines a set of key objectives and identifies a set of security controls, which are measures that can be adopted to meet the objectives of the standard;
* It specifies the security controls that can be used (based on the results of a risk management assessment) as the basis for formal certification of an IT enterprise under the BS7799 standard.
In addition, ITIL has defined the best practice processes for securing the managed IT infrastructure, which is again closely tied to the use of ISO 17799 best practices.


