Chapter 16. IT Security and Service Management
In This Chapter
Recognizing security risks
Carrying out required security tasks
Managing user identity
Using detection and forensics programs
Creating a security plan
Security is a fundamental requirement if you're implementing true service management. You may think that someone else in your organization is responsible for security. Think again. Don't leave security to an independent department somewhere in the bowels of IT. This chapter shows you how, overall, security has to be baked into service management.
Unless you're fresh out of college, you know that before 1995, IT security wasn't a significant problem, so very little money was spent on it. By 2004, organizations around the world were spending more than $20 billion on IT security, and that figure is expected to rise to $79 billion by the end of 2010. What happened?
Our guess is that you already know what happened. The Internet happened, letting computers connect remotely to hundreds of millions of other computers and giving lots of bad guys ample opportunity to launch a new career. The bad guys got better at breaking into IT networks, so the cost of stopping them escalated.
IT security is a very awkward area of service management for three reasons:
Almost all applications are built without any consideration for security.
IT security delivers very few benefits beyond reducing the risk of security breaches.
Measuring the success of any IT security investment is very difficult. ...