USMBOK™: USM430

Service Security Management

Information is an essential business asset that requires suitable protection. Information can exist in many forms and is exposed to a growing number and wider variety of threats due to the increasingly interconnected business environment. Whatever form the information takes, or means by which it is shared or stored, it needs to be appropriately protected.

Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities. 

Information security is achieved by implementing a suitable set of controls, including policies, processes, procedures, organizational structures and software and hardware functions, to ensure that the specific security and business objectives of the organization are met.

Service Security Management is responsible for the definition, assessment, resolution, and maintenance of effective security requirements and strategies within the organization as they relate to services.


Charter Statement:

  • To cost-effectively prevent the occurrence of security-related incidents and manage the confidentiality, integrity and availability of all designated information through:

    • Ensuring that all parties involved in the use and provision of information system services remain constantly aware of the prevailing national legislation, industry regulation, international and national standards supporting codes of practice, and generally accepted (good) practices for protecting information;
    • Defining security requirements in terms understood by all parties involved in the provision of service, including the users of the services;
    • Co-operating with Service Level Management to translate the service requirements into service level targets (objectives) described within Service Level Agreements (SLA) signed with customers, Operations Level Agreements (OLA) signed with the internal provider groups, and contracts signed with external third-party organizations;
    • Integrating security management into the service governance framework;
    • Implementing a standards-based and regulatory compliant information security management system (ISMS, see ISO 27000) through which security is administered and security incidents managed;
    • Integrating security considerations into business continuity plans.

Additional information on this topic is included in the Guide to the USMBOK and supporting reference materials.

 

Key Objectives

The following key objectives are just some of those commonly found within this topic's standard operating practices:

  • Further information is available in the Guide to the USMBOK

 

Key Concepts

The following key concepts are just some of those commonly found within this topic's standard operating practices:

  • Further information is available in the Guide to the USMBOK

Key Artifacts

The following key artifacts are just some of those commonly found within this topic's standard operating practices:

  • Further information is available in the Guide to the USMBOK

Major Activities

The following major activities are representative of those commonly found within this topic's standard operating practices:

  • Further information is available in the Guide to the USMBOK

More...

The USMBOK provides a significant amount of additional information on each element of the framework, including this area. The additional information includes:

Best Practices:

A best practice is a technique or method that, through experience and research, has reliably led to a desirable level of operation. The USMBOK provides specific guidance on the 'best practices' required to design, implement and sustain an efficient and effective operation and offers these through a subscription-based service, the Best Practice Statement Library.

Key Performance Measures:

The efficiency and effectiveness of an operation are measured through its 'performance'. The Performance Management Framework (PMF) provides three levels or types of measures to help manage performance from the strategic, tactical and operational perspective.

The USMBOK provides specific guidance on these 'key performance measures' through a dedicated, subscription-based service, the Key Performance Measure Library.

Extensions:

An 'extension' is an approved additional relevant reference to the USMBOK and is typically in the form of:

  • A book or publication with an ISBN or similar reference;
  • A website page or pages;
  • A white paper;
  • A personally penned article or report;
  • A periodical article or newsletter item.

More information on the available extensions and how they may be accessed or contributions submitted can be found here: USMBOK Extension Library.

Copyright © 1990-2008 IMC
©USMBOK®