Presentation is loading. Please wait.

Presentation is loading. Please wait.

IT Services Security IT Enviroment Management

Published byLorraine Norris Modified over 6 years ago

Similar presentations

Presentation on theme: "IT Services Security IT Enviroment Management"— Presentation transcript:

1 Ing. Ivan Makatura (imakatura@vub.sk)
IT Services Security IT Enviroment Management Faculty of Electronics and Informatics Technical university in Košice Ing. Ivan Makatura

2 Introduction to ITSM/ITIL

3 What is ITSM? In order for the companies in a competitive environment to achieve the objectives set by corporate strategy, they have to perform quality business processes. Modern business processes require high quality services for their functioning. Condition for the proper functioning of IT services is a high quality ICT infrastructure. High quality ICT infrastructure is not sufficient condition for the proper functionality of IT sevices. It is necessary to also manage the way of providing IT services IT service management is called The IT Service Managment(ITSM). ITSM Content= definition of processes, which should be implemented in the enterprise in order to ensure continuous supply of quality IT services at optimal cost expenditure.

4 What is ITIL? ITIL „IT Infrastructure Library“:
Comprehensive set of „best practices“ for IT services Contains a series of books, intending to help organizations to develop quality IT services ITIL is owned and maintained by OGC (UK Office of Government Commerce) Not a methodology, neither a methodology to IT service management or its implementation methodology in the organization Is a global de-facto framework for ITSM ITIL framework for proposal of ITSM processes leaves much discretion in the implementation process ITIL does not say „HOW“ but „WHAT“ is recommended to perform in ITSM

5 ITIL characteristics Process Management Customer-oriented approach
ITIL uses a process-oriented approach to IT service management (as opposed to the traditional management of functional). Process is a logical sequence of tasks transforming input to a particular output, the performance of individual tasks is ensured by challenges with clearly defined responsibilities. The whole process is controlled, monitored, measured, evaluated and continuously improved. Customer-oriented approach All processes are designed within customer needs, ie. Every activity, every action in every process has to bring some added value to the customer. Clear terminology Clear terminology is sometimes a less appreciated or entirely skipped characteristic of ITIL, but only until we firstly try to address misunderstandings resulting from the fact that someone uses the same term in another sense than we expect. Platform independence The framework of ITSM processes according toITIL is independent of any platform. Public Domain The library is freely available, meaning that anyone can buy books of ITIL and ITSM processes according to ITIL to implement in your business. The free availability of the ITIL library, among other things contributed to the rapid worldwide spread of ITIL.

6 ITIL advantages IT services are becoming more customer-oriented
The quality of IT services is improved The cost of IT services are more manageable IT organizations are evolving into manageable structures and become more efficient Changes in ICT are simpler and clearer There is a unified framework for internal communication with the IT organization ICT processes are standardized and integrated Defined is auditable and verifiable performance metrics and quality IT services

7 Standardization framework

8 IT Security standardization
ISO/IEC 20000: IT service management - Specification for service management ISO/IEC 17799: Code of Practice for Information Security Management ISO/IEC 27001: Information technology - Security techniques - Information security management systems: Code of Best Practices for Information Security Management ISO/IEC 27003: Information technology - Security techniques - Information security risk management ISO/IEC 15408: Information technology - Security techniques - Evaluation criteria for IT security

9 Relation between ITIL a ISO 20000 (a)
JTC1 – Information Technology Subcommittee Title JTC 1/SWG Accessibility (SWG-A) The convener can be reached through the secretariat JTC 1/SC 2 Coded character sets JTC 1/SC 6 Telecommunications and information exchange between systems JTC 1/SC 7 Software and systems engineering JTC 1/SC 17 Cards and personal identification JTC 1/SC 22 Programming languages, their environments and system software interfaces JTC 1/SC 23 Digitally Recorded Media for Information Interchange and Storage JTC 1/SC 24 Computer graphics, image processing and environmental data representation JTC 1/SC 25 Interconnection of information technology equipment JTC 1/SC 27 IT Security techniques JTC 1/SC 28 Office equipment JTC 1/SC 29 Coding of audio, picture, multimedia and hypermedia information JTC 1/SC 31 Automatic identification and data capture techniques JTC 1/SC 32 Data management and interchange JTC 1/SC 34 Document description and processing languages JTC 1/SC 35 User interfaces JTC 1/SC 36 Information technology for learning, education and training JTC 1/SC 37 Biometrics V rámci medzinárodnej organizácie pre štandardizáciu ISO pôsobí už od roku 1987 technická komisia JTC1 (Joint Technical Committee - spoločná technická komisia ) zameraná na „Informačné technológie“, ktorá vznikla na základe dohody o spolupráci medzi organizáciou ISO (International Organisation for Standardisation) a IEC (International Electrotechnical Commission). V krátkom čase sa toto neziskové odborné združenie profesionálov zaradilo medzi rešpektované medzinárodné organizácie a málokto dnes tuší, že táto technická komisia stojú za takými normami ako sú ISO 20000, ISO alebo aj rozšírená ISO alebo ISO V súčasnosti sa odborná IT verejnosť môže dostať do kontaktu s najväčším výkladovým slovníkom (SEVOCAB – Software Engineering VOCAbulary) pojmov z oblasti „Information Technology“, ktorý poskytuje aktuálne pojmy zo všetkých vydaných a publikovaných ISO, IEC a iných štandardov: Celá technická komisia je v súčasnosti rozdelená do 17 subkomisií – z nich sú pre účely tejto prezentácie najdôležitejšie JTC1/SC7-Software and System Engineering a JTC1/SC27-IT Security Techniques. 9 9

10 Relation between ITIL a ISO 20000 (b)
JTC1 SC7 – Software and Systems Engineering JTC1 SC7 WG20 WG1A IT Governance ISO 38500 WG21 WG2 WG22 WG4 WG23 WG6 WG24 WG7 SW Life-Cycle Processes ISO , ISO WG26 Subkomisia SC7 v rámci technickej komisie JTC1 (zameraná na softvérové systémové inžnierstvo) patrí medzi najvýznamnejšie technické komisie v rámci organizácie ISO vôbec. Stručná história JTC1-SC7: 1987 – Vznik subkomisie JTC1/ SC7 1991 – Publikovaná ISO/IEC Software Product Quality 1995 – Publikovaná ISO/IEC Software Life Cycle Processes 1997 – Prevzatie ISO zo subkomisie ISO/TC176 2000 – Názov subkomisie zmenaný na: Software and System Engineering 2002 – Publikovaná ISO/IEC – System Life-Cycle 2005 – Publikovaná ISO/IEC IT Service Mangement 2008 – Publikovaná harmonizovaná spolu s 15288 2008 – Publikovaná ISO/IEC IT Governance V súčasnosti sa na činnosti subkomisie celosvetovo podieľa cca 200 odborníkov a medzi najvýznamnejšie pracovné skupiny v nej možno zaradiť pracovnú skupinu WG25 – IT Service Management, ktorá garantuje celý rad noriem radu ISO 20000: Publikované normy: ISO/IEC :2005: Specification ISO/IEC :2005: Code of practice Pripravované a plánované normy: ISO/IEC : Scoping and applicability of ISO/IEC ISO/IEC : Process Reference Model ISO/IEC : Incremental conformity based on ISO/IEC 20000 WG10 WG42 WG19 WG25 IT Service Management ISO , ISO 10

11 Vzťah ITIL a ISO 20000 (c) ISO 27001, ISO 27002 ISMS
JTC1 SC27 – IT Security Techniques JTC1 SC27 WG1 ISMS ISO 27001, ISO 27002 WG2 Cryptography and Security Mechanisms WG3 Security Evaluation Criteria WG4 Security controls and services Subkomisia SC27 v rámci technickej komisie JTC1 je zameraná na oblasť bezpečnosti a je rozdelená do 5 pracovných skupín (WG) - z uvedených pracovných skupín je najznámejšia a najvýznamnejšia práve pracovná skupina WG1 - Information Security Management Systems, ktorá je gestorom známeho radu noriem ISO Ideovo a koncepčne vychádzajú normy radu ISO z pôvodnej britskej norimy BS (prevzaté ako ISO 17799) a v súčasnosti je aktuálny stav týchto noriem nasledovný: Publikované normy: ISO/IEC 27001:2005 – Specification ISO/IEC 27002:2005 – Code of Practice (predtým ISO 17799) ISO/IEC 27005:2008 – Information security risk management ISO/IEC 27006:2007 – Guide to the Certification Process Pripravované a plánované normy: ISO/IEC – Glossary ISO/IEC – ISMS Implementation Guide ISO/IEC – Information Security Measurement ISO/IEC – Guideline for ISMS auditing ISO/IEC – ISMS implementation guideline for the Telco (known as X.1051) ISO/IEC – Guideline for e-government services ISO/IEC – Specification for ICT readiness for business continuity ISO/IEC – Guideline for cybersecurity ISO/IEC – IT network security (known as ISO/IEC 18028:2006 ) – set of standards ISO/IEC – Guideline for application security ISO/IEC – Sector to sector interworking and communications WG5 Identity management and privacy technologies 11

12 Scope of ISO/IEC JTC1 / SC 27 (IT Security techniques)
WG 3 „Security Evaluation“ WG 1 „ISMS“ Assessment Guidelines Techniques WG 5 „Privacy, Identity & Biometric Security“ WG 4 „Security Controls & Services“ WG 2 „Cryptography & Security Mechanisms“ Product System Process Environment ISO/IEC JTC1 / SC 27 = SÚTN TK37 / SK02 Subcommission distribution TK37 / SK02 is identical to JTC1 / SC 27

13 IT infrastructure library v.2

14 ITIL v2 Library structure
Mutual relation of ITIL publications Relations of specific pubications with business processes and ICT infrastructure © OGC

15 Operational discipline according to ITIL v2
Operational ITSM disciplines described in the Service Support book: : Service Desk (function) SD is to provide the user with a focal point for addressing the requirements his chapter describes how to create and perform SD as an effective communication channel between users and providers of IT services Configuration Management provides a logical model of infrastructure or services through the identification, management, administration and verification of all configuration items that are implemented Incident Management process that ensures the fastest delivery of service restoration and minimizing the consequences of failure of services to business Problem Management the process of discovering the underlying causes of incidents. Problem Management initiates security bug fixes in ICT infrastructure and implement a proactive and prevent problems Change Management process that uses standardized methods and procedures to effectively and quickly implement the changes. The purpose is to minimize the formation of incidents due to changes Release Management process that ensures successful deployment and distribution of changes in ICT infrastructure. It ensures that both aspects of the deployment(technical and organizational) will be consistent.

16 Tactical disciplines according to ITIL v2
Tactical processes ITSM described in Service Delivery book: Service Level Management deals with planning, coordinating, designing, closing, monitoring and evaluation of contracts for service support (SLA) with customers and subcontractors with contracts (OLA and UC). The aim is to manage and improve service quality and customer relationships Capacity Management responsible for ensuring a permanent infrastructure of sufficient capacity so that they always met all business requirements, both current and future Availability Management responsible for achieving a level of availability of IT services, which corresponds to the business requirements. Achieves this by measuring and monitoring the availability of IT Services, comparing these values ​​with business requirements for availability and then initiating steps leading to the attainment of desired state IT Service Continuity Management process management capabilities to provide the defined service levels for system failure (failure of the application components to the complete loss of the conditions necessary for business) Financial Management for IT Services responsible for recording the cost of IT services, evaluating return on investment in IT services and costs for all aspects of the restoration operation. Provides documentation to establish the ICT budgets and price list

17 ITIL v2 Library – brief summary(a)
Service Support Description of the processes at the operational management Processes predominate character of daily, routine operation Summary The process described in the book of daily service support can support users of IT services Service Delivery Description of the processes at the tactical management. Predominant character of long-term planning processes Summary of processes described in the book Service delivery is building relationships with customers and achieve their long-term satisfaction with the provision of IT services ICT Infrastructure Management Description of the processes relating to the management of ICT infrastructure The book addresses all aspects of ICT to identify business requirements through  Bidding to testing, installation, implementation and maintenance of components in support of ICT services Application Management Description of life cycle processes of application software The book deals with the processes from initial feasibility studies through development, testing, creating documentation, user training, implementation into the production environment, run applications, change control management to the end use application

18 ITIL v2 Library – brief summary(b)
The Business Perspective Books for business managers.  Presents the basic principles of ICT infrastructure needed to support business processes (eg, IT Service Management) The book also includes ITIL publication Quality Management for IT Services, which describes the correlation ITSM processes with the provisions of quality management standards (ISO 9000) Planning to Implement Service Management The book is intended for members of implementation teams It describes the processes, tasks and problems associated with planning, implementing and improving processes, IT Service Management Security Management The book describes the organization and management of ICT security infrastructure from the perspective of IT managers Describes the process of planning and managing a defined level of information security and IT services including all aspects related to the response to security incidents Software Asset Management The book describes the process for management, control and protection of software assets in all stages of its life cycle

19 IT infrastructure library v.3

20 ITIL v3 core © OGC

21 ITIL v3 library structure
© OGC

22 Basic differences between ITIL v2 and ITIL v3 (a)
Changes in concept– dominant life-cycle Changes in range– added new processes: "Demand Management", "Test Management", "Supplier Management", "Event Management„ and others. Changes in terminology– service definition, process definition of „Service Management“, new terms Cataloque/Portfolio of services, DSL/DML Changes in position of IT services – traceability in business Changes in structure– individual position of CSI process Good Practice instead of Best Practice New understanding in terms of customer service: a combination of "utility" (utility) and "guarantees"(warrants) ITIL v3 Najvýraznejšie zmeny v ITIL v3: Implementácia procesného konceptu na základe „Životného cyklu služby“ - Service Life-Cycle (Strategy-Design-Transition-Operation-Continuous Improvement) Vlastník procesu (Process Owner) – zodpovedá za dosahovanie výsledkov procesu Vlastník služby (Service Owner) – zodpovedá za dodanie požadovanej služby Security Management prestáva existovať ako samostatná oblasť ale plne sa integruje do procesu „Service Design“ Security Management je omnoho silnejšie orientovaný na ISMS podľa ISO/IEC ako v ITIL v2 Definovanie 4P v procese „Service Strategy“ - Perspective, Position, Plan, and Pattern Portfólio služieb je podstatne širší pojem ako pôvodný Katalóg služieb – zahŕňa nielen služby z Katalógu ale aj služby pripravované, resp. vyradené Výstupom procesu „Service Design“ je Popis dodávanej služby (Service Delivery Package), ktorý má predpísané detailné atribúty a obsah Rôzne typy zabezpečovania zdrojov (sourcing) pre IT služby: Insourcing, Outsourcing, Co-sourcing, Partnership or Multisourcing, Business Process outsourcing, Application Service Provision, Knowledge Process Outsourcing (The newest sourcing option) Definícia SLA, OLA a UC ostávajú fakticky nezmenené voči ITIL v2 Definícia a implementácia prístupu „V-Model služby“ (Service V-Model) Omnoho vyšší dôraz na meranie a reportovanie Omnoho vyšší dôraz na nepretržité zlepšovanie služieb ITIL v2

23 Relations of ITSM processes and IT security processes

24 Security process Security = maintaining an acceptable level of identified risk Complex of processes and activities to avert or reduce the identified risks, respectively manifestations of threats that affect information assets. Security is not closing, nor product. Safety is an ongoing continuous process Reaction Evaluation Protection Detection 24

25 Basic goals of IT security
Confidentiality – (Authorized personnel access only) C I A Integrity - (Data protection against modification) Availability – (Reliable and prompt access to data) Accountability – (unambiguous identifiability of data access...)

26 Príklady incidentov v jednotlivých kategóriách

27 Vrstvový model ochrany informácií
Security program Monitoring procedures Reporting and escalation Incident management Forensic evidence Firewalling VPN’s Intrusion detection Internet / exterior Perimeter Network Data Premises Routing Entrance Extranets Host Application LAN/WAN traffic Intranets Rozdeliť – fyzický perimeter... Zdôrazniť fyzické aktíva a chráínené priestory OS monitoring Vulnerability checking Application controls Database monitoring Information assets

28 Security levels Benevolent Liberal Careful Paranoid
Non-restrictive policy Everything is allowed, including that which should be not Benevolent Liberal Everything is allowed except activities, which are explicitly disabled Careful Restrictive policy Everything is disabled except activities, which are explicitly allowed Paranoid Everything is disabled including activities, which shoud be allowed

29 Relations between security attributes acc. to ISO/IEC 15408
Relations between basic terms in IT security according to Common Criteria: © Common Criteria for Information Technology Security Evaluation: Security concepts and relationships

30 IT security according to ITIL
ITIL requires effective information security measures implemented at the strategic, tactical and operational level Information security is considered to be an iterative process that must be controlled, planned, implemented, tested and maintained ITIL divides information security into separate parts: Policy - the overall objectives which the organization wants to achieve Processes - what should be done to achieve the objectives Procedures - who does what and when to perform to achieve the objectives Work instructions - instructions for specific activities ITIL defines information security as a complex, cyclical process of continuous review and improvement

31 IT security according to ITIL

32 IT security according to ITIL
Recipients of ICT services through a risk analysis to identify their security requirements IT department will assess the suitability requirements and compare them with the minimum requirements for information security Recipients of ICT services and IT department together define formally agreed service levels(Service Level Agreement - SLA): SLA contains a definition of requirements for information security in clear measurable terms and values SLA specifies how it can be proven to meet the agreed level of information security Within the IT department and the organization of the contractors jointly define and agree a formal Operational Level Agreement (OLA) OLA specifies in detail how to ensure information security services SLA and OLA are continuously monitored and implemented Subscribers receive regular ICT service reports on the effectiveness of state services and information security SLA and OLA are continuously adjusted, if necessary

33 IT security ITIL v2 vs. ITIL v3
Common features of the process of information security according to ITIL v2 and ITIL v3: Information security processes are based on standards: - ISO / IEC 17799 - Code of Practice for Information Security Management - ISO / IEC 27001 - Information Security Management Systems standard Security incident is seen as a subset of the Incident Management process Vulnerability management is viewed as a subset of the Problem Management process Differences in the processes of information security according to ITIL v2 and ITIL v3: ITIL v2 ITIL v3 „Information security management“ Does not exist as an individual discipline of ITSM Is understood as an individual discipline of ITSM Processes related to information security are described in a book: Security Management Processes related to information security are integrated into most processes Information security processes are divided into two main segments: Setting the base level of security by SLA Implementation of the security requirements defined in the SLA Information security processes are incorporated into all parts of the Service Design book: Service Catalogue Management (Section 4.1 pg.60) Service Level Management (Section 4.2 pg. 65) Capacity management (Section 4.3 pg. 79) Availability management (Section 4.4 pg. 97) IT Service Continuity Management (Section 4.5pg. 125) Information security management (Section 4.6 pg.141)

34 IT Service continuity management – ITSCM (ITIL v3)
The main goal of the course ITSCM: Total support Business Continuity Management process, ensuring the required replacement of equipment in the required and agreed timescales The "IT Service Continuity" is related to the management organization's ability to continuously provide a predetermined and agreed minimum level of ICT services to ensure business processes in the event of failure of current ICT services. In the process ITSCM includes: Ensuring the sustainability of business processes by reducing the impact of large-scale emergency outages or errors Reducing vulnerability and risk through effective risk analysis using risk management Prevention of loss of customer confidence Development of recovery plans for ICT equipment, suitably harmonized with the plans of business continuity processes of customer

35 Information Security Management - IsM (ITIL v3)
The main objective of the ISM process: Align information security with business security and ensure that information security is managed effectively across all service areas and in all activities of ITSM IsM process includes: Information security policy and specific security policies that are aimed at all aspects of strategy, control and regulation The ISMS (Information Security Management System - ISMS), containing the standards, procedures and guidelines for policy support Comprehensive security strategy, linked with the commercial objectives, strategies and plans Effective organizational structure of security Set of control mechanisms to support security policy Management of security risks Monitoring processes to ensure compliance and providing feedback Communication strategy and security plan Plan training and awareness of users

36 IsM process according to Service Design book(a)
Development and maintenance of an information security policy and supporting specific policies Ensuring proper authorization, a formal expression of commitment and approval by senior IT management and business management Notification of information security policies applicable to all stakeholders Ensuring that information security policy is enforced and observed Identification and classification of information assets (configuration items - Configuration Items)and their desired level of control, management and protection Implementation of the BIA (Business Impact Analyses) Implementation of security risk analysis, risk management and linking them to Availability Management and IT Service Continuity Management Design and development of security plans Design and documentation of procedures for the operation and maintenance of safety Monitoring and management of all security breaches, incident management (incident handling) including corrective actions to prevent recurrence of the incident ITIL V3 Pre Reading Notes V Copyright of Purple Griffon 2007 ©

37 IsM process according to Service Design book (b)
Reporting, Analysis and minimization of the impact and extent of any security incidents, together with the Problem Management process A model for how education and awareness of users Security control and monitoring of safety documentation Review and auditing of all processes Ensuring that all changes are reviewed for their impact on  information security, including information security policy, and the convening of the CAB (Change Advisory Board) meetings whenever necessary Implementation of safety tests Strict compliance with the additional security checks in the Action Plan for the previous violation of safety rules Ensuring the confidentiality, integrity and availability of services is maintained at a level agreed in the SLA and their adaptation to all relevant legislative requirements Ensuring that all third party access as well as suppliers of ICT services are appropriate and contractually based Operating in the role of a local point of contact forall security incidents ITIL V3 Pre Reading Notes V Copyright of Purple Griffon 2007 ©

38 Service level agreement - SLA
SLA is a formal, written agreement, which documents the level of services, including information security services. - SLA is a key part of the process of information security framework, ITIL - SLA should include performance indicators (Key Performance Indicators - KPI) and performance criteria A typical SLA contract should include: - Permitted methods of access to information assets - Agreement on how auditing and log management - The level of physical security - Method of training and user awareness of information security - General description of the life cycle of identities, authentication methods and authentication procedures - Agreement on the mode of operation of security incidents - The requirements for audit and reporting

39 Security documentation according to ITIL
Documentation requirements for information security in accordance with ITIL: Service Level Agreement (SLA) - A formal agreement on the level of services, including information security Operational Level Agreement (OLA) - Detailed specification of how to ensure information security services Information security policy: - Objectives and scope of information security for the organization - The objectives and management principles for information security management - Definition of roles and responsibilities of information security The security policy should be issued by senior management organization Plans Information Security: - Description of how to implement policies in specific information systems, processes and organizational units Handbook of information security: - working documents for everyday use - specific, detailed work instructions

40 How ITIL can improve the level of information security(a)
ITIL keeps information security continually focused on business and services - Information security is often perceived as just another cost barrier to entry or business functions - with the help of the owners of ITIL business processes and IT service providers agree on the level of information security - to ensure that services are aligned with business needs ITIL allows organizations to develop and implement information security in a structured manner, based on best practice (good practice) - Information security is shifting from reactive to proactive and preventive process Its requirement for continuous assessment of ITIL provides a continuous review of the effectiveness of changes in terms of reducing the level of risk and threat ITIL establishes documented processes and standards (eg SLA and OLA), which can be effectively monitored and audited - It helps an organization's own perceived effectiveness of information security program and compare it with the regulatory requirements (such as NBS, NSA, ÚOOÚ, Basel II, SOX) ITIL provides the foundation upon which can be built in information security - Many ITIL disciplines (eg Change Management, Configuration Management and Incident - - Management) can substantially increase the level way limit the information security (eg, a significant number of incidents are caused by inadequate management of change)

41 How ITIL can improve the level of information security(b)
The organized ITIL framework prevents subjective, natural and chaotic implementation of information security processes - ITIL requires the design and build a consistent, measurable information security processes in ICT services before an incident occurs. This really saves time, money and effort. Reporting required within ITIL provides management with valuable information about the effectiveness of their organization's information security - Reporting allows management to make informed decisions regarding the management of operational risk ITIL defines roles and responsibilities in information security - During any incident is then clear who is responsible for what and who has done what - ITIL establishes a common language for discussion of information security personnel, which can more effectively communicate with internal and external professional partners - security personnel can easily understand discussion of information security with other groups of employees ITIL helps managers understand that information security is a key part of successful business processes, well-functioning organization

42 Summary Requirements for information security are increasingly growing in scope, complexity and importance The organization is risky, costly and inefficient to have information security based on subjective solutions developed The ITIL is possible to replace these processes standardized, integrated processes based on best practice (good practice) Although it takes time and effort, ITIL can improve how the organization implements and manages information security

43 itSMF itSMF (IT Service Management Forum) is an international non-profit and independentorganization of professionals dedicated to all aspects of services in information andcommunication technologies itSMF is perceived as a professional association of users ITIL standard, which significantly affects the development of the industry itSMF Slovakia is a fully-fledged part of a worldwide network of itSMF International Secetary: itSMF Slovensko, Dlhá 2/B, Stupava Web (Slovensko): Web (International):

44 Chief security officer VÚB Banka a.s. imakatura@vub.sk
Ivan Makatura Chief security officer VÚB Banka a.s. 44

Download ppt "IT Services Security IT Enviroment Management"

Similar presentations

Software Quality Assurance Plan

Software Quality Assurance Plan
ITIL: Service Transition

ITIL: Service Transition
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Management of IT Environment (5) LS 2012/2013 1 Martin Sarnovský Department of Cybernetics and AI, FEI TU Košice ITIL:Service Design IT Services Management.

Management of IT Environment (5) LS 2012/ Martin Sarnovský Department of Cybernetics and AI, FEI TU Košice ITIL:Service Design IT Services Management.
Security Controls – What Works

Security Controls – What Works
The ISO 9002 Quality Assurance Management System

The ISO 9002 Quality Assurance Management System
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
ITIL: Why Your IT Organization Should Care Service Support

ITIL: Why Your IT Organization Should Care Service Support
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
QUALITY MANAGEMENT SYSTEM ACCORDING TO ISO

QUALITY MANAGEMENT SYSTEM ACCORDING TO ISO
© 2010 Plexent – All rights reserved. 1 Change –The addition, modification or removal of approved, supported or baselined CIs Request for Change –Record.

© 2010 Plexent – All rights reserved. 1 Change –The addition, modification or removal of approved, supported or baselined CIs Request for Change –Record.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Introduction to Software Quality Assurance (SQA)

Introduction to Software Quality Assurance (SQA)
Continual Service Improvement Process

Continual Service Improvement Process
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
Information ITIL Technology Infrastructure Library ITIL.

Information ITIL Technology Infrastructure Library ITIL.
Introduction to ISO 9001:2000.

Introduction to ISO 9001:2000.
Roles and Responsibilities

Roles and Responsibilities

Similar presentations

Ads by Google