As IT increasingly falls within the scope of corporate governance, management must increasingly concentrate on controlling the risks to the achievement of its business objectives.
There are two fundamental aspects of effective control over risk in information technology: the first pertains to an organization's proper deployment of information technology to achieve its corporate goals; the second pertains to risks to those assets themselves. IT systems usually represent significant investments of financial and executive resources. The means by which they are planned, managed and measured should therefore be considered a key management accountability, as should the means by which risks associated with information assets are managed.
Clearly, well-managed IT is a business enabler. Every deployment of information technology brings with it immediate risks to the organization and, therefore, every director or executive who deploys, or manager who makes any use of, IT must understand these risks and the steps that should be taken to counter them.
ITIL has long provided a comprehensive collection of best-practice management processes and guidance. Despite a comprehensive range of specialist-oriented certified qualifications, it is not possible for any organization to demonstrate – to its management, let alone an external third party – that it has taken the risk-reduction step of implementing best practice.
In addition, ITIL is particularly weak where information security management is concerned – the ITIL book on information security does no more than refer to a now very out-of-date version of ISO 17799, the information security code of practice.
The emergence of the international IT Service Management ISO 27001 and Information Security Management (ISO20000) standards changes all of this. They make it possible for organizations that have successfully implemented an ITIL environment to be externally certificated as having information security and IT service management processes that meet an international standard; organizations that demonstrate – to customers and prospective customers – the quality and security of their IT services and information security processes achieve significant competitive advantages.