become-itil-foundation-certified-abhinav-kaiser(www.ebook-dl.com)

Recommendations

Info

5.7.3.1 Confidentiality, Integrity, and Availability Chapter 5 ■ Service Design There are three information security-related terms that secures the security aspects of information. They are confidentiality, integrity, and availability. Confidentiality is the protection of information from unauthorized access. In other words, only those with access to information are able to access it. Service providers and customers store information on servers, share points, and other file servers, and these data could contain sensitive business strategies, tactics, credit card information, or personal information of the end users. This information needs to be secured through methods known best to information security professionals, such as encryption and safeguarding. Integrity is the protection of information from getting modified by those who are not authorized to do so. It tightly integrates with confidentiality and goes a step further in protecting the interests of all the involved parties. Information is valuable if it is accurate, and when it is modified by unauthorized users (read: hackers), the sabotaged data will pull companies down faster than a speeding bullet. There are several ways integrity is protected these days, cryptography being one of them. The last of the tenets of information security is availability. It ensures that the authorized parties have access to information when they need it. If you provide the right level of encryption through confidentiality, ensure integrity through cryptography, but fail to provide accessability to those authorized, the whole exercise of securing information is counterproductive, right? The value from service comes from parties having the availability to access information when they desire to access it. Hackers have found a way to breach information security by blocking access to information through distributed denial of service (DDoS) attacks. A number of popular web sites such as Facebook go down due to such attacks fairly regularly. In this sense, denial of access to information is a breach in achieving information security objectives. 5.7.3.2 Information Security Policy Every nation has to follow a certain policy: Commercial, trade, various other types of policies. —APJ Abdul Kalam A policy is the guided path with lights at the periphery to ensure that you don’t stray from the principles set forth. A policy draws boundaries and drafts rules for play. In the ITIL service lifecycle, an information security policy provides the rules and boundaries that are necessary for ensuring that the information security management objectives are met, meaning CIA components are adhered to. All policies must be driven by senior management, and only in this case does it become effective and get the value treatment that it deserves. The senior management must completely endorse the policy guidelines and ensure sufficient communication goes out to the rest of the organization to show their faith and commitment to it. When there is backing from senior management on policies, the rest of the organization falls in line and starts to comply with the policy controls. 87
Chapter 5 ■ Service Design Policies do not cover the service provider alone, but also encompass customers. You do not want customers to carry out illegal activities using your services, do you? Information security policies are always made a part of SLRs, SLAs, OLAs, and UCs. According to the ITIL service design publication, these are some of the various policies that make up information security policy. This list is not comprehensive: • An overall information security policy • Use and misuse of IT assets policy • An access control policy • A password control policy • An e-mail policy • An Internet policy • An antivirus policy • An information classification policy • A document classification policy • A remote access policy • A policy with regard to supplier access to IT service, information, and components • A copyright infringement policy for electronic material • An asset disposal policy • A records retention policy A detailed study of the listed policies is not within the scope of the ITIL Foundation exam. 5.7.3.3 Objectives of Information Security Management To state it plainly, information security management exists to keep customer information, data, assets, and all aspects of customer resources safe. If we take a step back, the customer will have certain policies and guidelines in place for business security. The purpose of information security management is to align with the business security and ensure that CIA is intact. Further, the objectives of information security management are as follows: 1. Confidentiality: Information can be accessed only by those who are authorized. 2. Integrity: Information is accurate, complete, and is in verbatim condition. 88
Page 1 and 2:
Become ITIL Foundation Certified in
Page 3 and 4:
Become ITIL Foundation Certified in
Page 5 and 6:
Contents at a Glance About the Auth
Page 7 and 8:
■ Contents 1.8 Internal and Exter
Page 9 and 10:
■ Contents ■Chapter ■ 4: Serv
Page 11 and 12:
■ Contents 6.4 Service Transition
Page 13 and 14:
■ Contents ■Chapter ■ 9: ITIL
Page 15 and 16:
About the Technical Reviewer Sumit
Page 17 and 18:
Preface When my first book, Communi
Page 19 and 20:
CHAPTER 1 Service Management as a P
Page 21 and 22:
Chapter 1 ■ Service Management as
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
1.9.1.2 Process Deliver Specific Re
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Chapter 2 ■ Generic Concepts Chap
Page 37 and 38:
Chapter 2 ■ Generic Concepts Tabl
Page 39 and 40:
Chapter 2 ■ Generic Concepts 2.1.
Page 41 and 42:
Chapter 2 ■ Generic Concepts 2.2.
Page 43 and 44:
Chapter 2 ■ Generic Concepts ENAB
Page 45 and 46:
Chapter 2 ■ Generic Concepts Figu
Page 47 and 48:
Chapter 2 ■ Generic Concepts rece
Page 49 and 50:
CHAPTER 3 ITIL Service Lifecycle Th
Page 51 and 52: Chapter 3 ■ ITIL Service Lifecycl
Page 55 and 56: 3.2 ITIL Roles Chapter 3 ■ ITIL S
Page 57 and 58: 3.2.6 Generic Role: Process Practit
Page 61 and 62: CHAPTER 4 Service Strategy A strate
Page 63 and 64: 4.1.4 Patterns Chapter 4 ■ Servic
Page 65 and 66: Chapter 4 ■ Service Strategy Serv
Page 67 and 68: Chapter 4 ■ Service Strategy Figu
Page 69 and 70: 4.6.1.2 Risk Analysis Chapter 4 ■
Page 71 and 72: Chapter 4 ■ Service Strategy know
Page 73 and 74: 4.8.1.1.3 Retired Services Chapter
Page 75 and 76: Chapter 4 ■ Service Strategy thro
Page 77 and 78: Chapter 4 ■ Service Strategy that
Page 79 and 80: Chapter 4 ■ Service Strategy 2. V
Page 81 and 82: Chapter 5 ■ Service Design Some e
Page 83 and 84: Chapter 5 ■ Service Design 5.4 Fo
Page 85 and 86: Chapter 5 ■ Service Design 4. Pro
Page 87 and 88: Chapter 5 ■ Service Design • Se
Page 89 and 90: Chapter 5 ■ Service Design To sta
Page 91 and 92: Chapter 5 ■ Service Design 5.7.1.
Page 93 and 94: Chapter 5 ■ Service Design Jan Fe
Page 95 and 96: Chapter 5 ■ Service Design with t
Page 97 and 98: Chapter 5 ■ Service Design Think
Page 99 and 100: Chapter 5 ■ Service Design To sta
Page 101: Chapter 5 ■ Service Design have a
Page 105 and 106: Chapter 5 ■ Service Design Tradit
Page 107 and 108: Chapter 5 ■ Service Design Unlike
Page 109 and 110: Chapter 5 ■ Service Design 5.7.5
Page 111 and 112: Chapter 5 ■ Service Design For ex
Page 113 and 114: Chapter 5 ■ Service Design Anyway
Page 119 and 120: Chapter 5 ■ Service Design busine
Page 121 and 122: Chapter 5 ■ Service Design 3. Agr
Page 125 and 126: Chapter 5 ■ Service Design When d
Page 127 and 128: Chapter 5 ■ Service Design 7. If
Page 129 and 130: CHAPTER 6 Service Transition Transi
Page 131 and 132: Chapter 6 ■ Service Transition
Page 133 and 134: Chapter 6 ■ Service Transition
Page 135 and 136: 6.4.1.3 Types of Change Requests Ch
Page 137 and 138: Chapter 6 ■ Service Transition Cr
Page 139 and 140: Chapter 6 ■ Service Transition It
Page 141 and 142: 6.4.1.7.1 Create a Request for Chan
Page 143 and 144: 6.4.1.7.7 Review and Change Closure
Page 145 and 146: 6.4.1.10 Change Management Interfac
Page 147 and 148: Chapter 6 ■ Service Transition fr
Page 149 and 150: Chapter 6 ■ Service Transition Au
Page 151 and 152: Chapter 6 ■ Service Transition an
Page 153 and 154:
Chapter 6 ■ Service Transition Ac
Page 155 and 156:
Chapter 6 ■ Service Transition Th
Page 157 and 158:
Chapter 6 ■ Service Transition 6.
Page 159 and 160:
Chapter 6 ■ Service Transition WI
Page 161 and 162:
Chapter 6 ■ Service Transition Co
Page 163 and 164:
Chapter 6 ■ Service Transition 10
Page 165 and 166:
6.5 Practice Exercises 1. Which of
Page 167 and 168:
Chapter 6 ■ Service Transition 10
Page 169 and 170:
Chapter 7 ■ Service Operations I
Page 171 and 172:
Chapter 7 ■ Service Operations
Page 173 and 174:
Chapter 7 ■ Service Operations Yo
Page 175 and 176:
Page 177 and 178:
Chapter 7 ■ Service Operations Th
Page 179 and 180:
Chapter 7 ■ Service Operations In
Page 181 and 182:
Chapter 7 ■ Service Operations I
Page 183 and 184:
Page 185 and 186:
Page 187 and 188:
Chapter 7 ■ Service Operations 7.
Page 189 and 190:
Page 191 and 192:
Chapter 7 ■ Service Operations Mo
Page 193 and 194:
Page 195 and 196:
Page 197 and 198:
Page 199 and 200:
Page 201 and 202:
Page 203 and 204:
Page 205 and 206:
Chapter 7 ■ Service Operations No
Page 207 and 208:
Page 209 and 210:
Chapter 7 ■ Service Operations It
Page 211 and 212:
Chapter 7 ■ Service Operations at
Page 213 and 214:
Page 215 and 216:
Chapter 7 ■ Service Operations Ga
Page 217 and 218:
Chapter 7 ■ Service Operations Ap
Page 219 and 220:
Page 221 and 222:
Page 223 and 224:
Chapter 8 ■ Continual Service Imp
Page 225 and 226:
Page 227 and 228:
Page 229 and 230:
Page 231 and 232:
Page 233 and 234:
Page 235 and 236:
Page 237 and 238:
Page 239 and 240:
Page 241 and 242:
Chapter 9 ■ ITIL Foundation Exam
Page 243 and 244:
Page 245 and 246:
Page 247 and 248:
Page 249 and 250:
Page 251 and 252:
Page 253 and 254:
Page 255 and 256:
Index A Access management and info
Page 257 and 258:
■ INDEX definition, 108 objective
Page 259 and 260:
■ INDEX J JAVA team, 190 K Key
Page 261 and 262:
■ INDEX Service catalog managemen
Page 263:
■ INDEX OR gate, 19 parts, 20 per
show all

become-itil-foundation-certified-abhinav-kaiser(www.ebook-dl.com)

Create successful ePaper yourself

Delete template?

Save as template?