Home » Security Bloggers Network » ITIL, the Change Management Process and Tripwire Enterprise

ITIL, the Change Management Process and Tripwire Enterprise

When I speak with clients about their approach to managing their IT services, many organisations mention ITIL practices as a cornerstone to their approach. This is hardly surprising since the ITIL framework describes a sensible methodology for IT management, looking at the use of technology through the lens of what the business needs. By avoiding being a specifically technology-driven standard, it’s easy to apply in any mature infrastructure to drive improvement and maintain stability.

In a fast-moving industry like IT, it’s rare to find anything that stays still for long– and with ITIL’s birth harking all the back to the late 1980s, it too has undergone a large number of changes leading us up to the current version, ITIL3. (ITIL4, expected to be released in 2019, is expected to continue to build on the foundations set out all those years ago, too). What hasn’t changed much is what you can get out of an ITIL-based approach to planning, delivering and supporting IT services:

• Improved relations with customers/users by delivering efficient services that meet their needs.
• Managed and minimized business risk (particularly through minimizing service disruption or failures)
• A framework for supporting the changes that occur within the business whilst mainlining stability
• A set of cost-effective measures for managing IT services

ITIL’s service design includes some key recommendations around security management largely derived by the practices contained with ISO/IEC 270001. Fortunately, many of the requirements for achieving the controls set out in ITIL can be achieved with many of the tools you may already have.

Take, for example, ITIL’s Security Management Planning sub-process. This focuses on making sure that all security measures, as specified in the plans, are properly implemented. Tripwire Enterprise has a number of features that can help you following this process by verifying your configuration against your planned (Read more...)