Educause Security Discussion mailing list archives

Re: ITIL in Higher Education?


From: "Walter E. Petruska" <wpetruska () USFCA EDU>
Date: Thu, 1 Jun 2006 17:39:03 -0700

We've been slowly implementing an ITSM strategy here at USF.  So far,
we've run 8 key IT staffers through the ITIL Foundations certification
course, and we've got another sixteen going through the Foundation
certification courses this week.  Our Problem, Incident, Configuration,
and Change Managers have been identified, and have developed their own
USF ITS-Specific high-level process map for their areas of ITIL. 

 

If you dissect the ITIL guidance for security- you'll find that it is
'embedded' within each sub-area of responsibility.  Therefore, I view my
role in our ITIL implementation as a coordination role- ensuring that
everyone else adopts similar and compatible security postures regarding
user privileges, access to sensitive/private/confidential data, etc.
I'll also pick up the extra ITSM title of 'IT Service Continuity
Manager' - as Disaster Planning, Recovery and Service Continuity are
core to the ITSM implementation.

 

The attention given to security- REAL information systems security- by
ITIL is negligible.  There are many ITIL/ITSM references which point to
the use of other important 'best practices' and standards.  Therefore,
ISO 17799 is the way to go for security- as well as following guidance
in CoBit.

 

You can also find ITIL documents (which support the rollout of an IT
Service Management system) under their new standards nomenclature: BS
15000 (British Standard), and ISO 20000 (International Standard).

 

I also hope to find some other Universities who are working on ISO
17799...

 

Walter Petruska

Project Director & CISO

University of San Francisco

 

________________________________

From: Sadler, Connie [mailto:Connie_Sadler () BROWN EDU] 
Sent: Wednesday, May 31, 2006 8:41 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] ITIL in Higher Education?

 

 

Is anyone using ITIL yet? I am hearing great things about it, and I know
that some are beginning to look at it in more depth, but if anyone has
positive experience (or any experience, for that matter) using ITIL, I'd
love to get your thoughts.

 

On another note, we are also looking into ISO standards, and I do know
that some of you are utilizing those standards successfully. We are
beginning to map our risk management and training plans to the ISO 17799
doc. I wonder if any of the Educause working groups are looking at these
types of standards for higher ed.

Connie J. Sadler, CM, CISSP, CISM, GIAC GSLC 
Director, IT Security, Brown University
Box 1885, Providence, RI 02912
Connie_Sadler () Brown edu
Office: 401-863-7266 
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB
PGP Fingerprint: DA5F ED84 06D7 1635 4BC7 560D 9A07 80BA 91E3 8EFB 

 

