I just received word, I passed the ITIL V2 – V3 Foundation Bridging Course in IT Service Management. Which means, I am now certified in ITIL V3 Foundations. For those not familiar with the Information Technology Infrastructure Library (ITIL), it is a set of concepts and policies for managing information technology (IT) infrastructure, development and operations. The exam was not very difficult. It was only twenty questions and took under a half an hour. Much easier than the 4.5 hour security certification I am preparing for in February. Still, it is important for security people to know the foundation of IT management frameworks like ITIL.
Applying this to security in 2009: Vivian Yeo, from ZDNet Asia, wrote “2009: Bad times means worse security?” Vivian points out that worsening economic conditions, leading to cost-cuttings, will result in security challenge. The article discusses various IT technologies that will move operations out of the traditional layered network approach where security is better established. To address security concerns, Judy Wu, IDC’s research manager for infrastructure software in the Asia-Pacific region, believes that companies will adopt a “more disciplined” approach tapping on frameworks such as Control Objectives for Information and related Technology (COBIT), ISO 27001 and ITIL.
Previously, I posted, “Intense Simplicities,” where I discuss a few risk-based protection model. For more entertaining contrast, check out Rob England posts “ITIL is the hitchhiker’s guide, COBIT is the encyclopaedia” and “COBIT rivals ITIL.”
Military strategist Karl Von Clausewitz once wrote, “War is an extension of politics, by other means.” IT is an extension of business, while security helps deal with risks. While I avoid predictions, I do know CEOs will be reading articles and listening to research managers like the ones quoted above. Folks in security need to have an understanding of frameworks like ITIL, COBIT, and ISO 27001 in order to ensure security concerns are addressed at the very beginning of these business discussions.
[...] http://blog.securitymonks.com/2009/01/15/itil-v2-v3-foundation-bridging-course/ [...]