become-itil-foundation-certified-abhinav-kaiser(www.ebook-dl.com)
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Chapter 5 ■ Service Design<br />
Policies do not cover the service provider alone, but also en<strong>com</strong>pass customers.<br />
You do not want customers to carry out illegal activities using your services, do you?<br />
Information security policies are always made a part of SLRs, SLAs, OLAs, and UCs.<br />
According to the ITIL service design publication, these are some of the various<br />
policies that make up information security policy. This list is not <strong>com</strong>prehensive:<br />
• An overall information security policy<br />
• Use and misuse of IT assets policy<br />
• An access control policy<br />
• A password control policy<br />
• An e-mail policy<br />
• An Internet policy<br />
• An antivirus policy<br />
• An information classification policy<br />
• A document classification policy<br />
• A remote access policy<br />
• A policy with regard to supplier access to IT service, information,<br />
and <strong>com</strong>ponents<br />
• A copyright infringement policy for electronic material<br />
• An asset disposal policy<br />
• A records retention policy<br />
A detailed study of the listed policies is not within the scope of the ITIL<br />
Foundation exam.<br />
5.7.3.3 Objectives of Information Security Management<br />
To state it plainly, information security management exists to keep customer information,<br />
data, assets, and all aspects of customer resources safe. If we take a step back, the<br />
customer will have certain policies and guidelines in place for business security. The<br />
purpose of information security management is to align with the business security and<br />
ensure that CIA is intact.<br />
Further, the objectives of information security management are as follows:<br />
1. Confidentiality: Information can be accessed only by those<br />
who are authorized.<br />
2. Integrity: Information is accurate, <strong>com</strong>plete, and is in<br />
verbatim condition.<br />
88