Educause Security Discussion mailing list archives
Re: ITIL in Higher Education?
From: "Walter E. Petruska" <wpetruska () USFCA EDU>
Date: Thu, 1 Jun 2006 17:39:03 -0700
We've been slowly implementing an ITSM strategy here at USF. So far, we've run 8 key IT staffers through the ITIL Foundations certification course, and we've got another sixteen going through the Foundation certification courses this week. Our Problem, Incident, Configuration, and Change Managers have been identified, and have developed their own USF ITS-Specific high-level process map for their areas of ITIL. If you dissect the ITIL guidance for security- you'll find that it is 'embedded' within each sub-area of responsibility. Therefore, I view my role in our ITIL implementation as a coordination role- ensuring that everyone else adopts similar and compatible security postures regarding user privileges, access to sensitive/private/confidential data, etc. I'll also pick up the extra ITSM title of 'IT Service Continuity Manager' - as Disaster Planning, Recovery and Service Continuity are core to the ITSM implementation. The attention given to security- REAL information systems security- by ITIL is negligible. There are many ITIL/ITSM references which point to the use of other important 'best practices' and standards. Therefore, ISO 17799 is the way to go for security- as well as following guidance in CoBit. You can also find ITIL documents (which support the rollout of an IT Service Management system) under their new standards nomenclature: BS 15000 (British Standard), and ISO 20000 (International Standard). I also hope to find some other Universities who are working on ISO 17799... Walter Petruska Project Director & CISO University of San Francisco ________________________________ From: Sadler, Connie [mailto:Connie_Sadler () BROWN EDU] Sent: Wednesday, May 31, 2006 8:41 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] ITIL in Higher Education? Is anyone using ITIL yet? I am hearing great things about it, and I know that some are beginning to look at it in more depth, but if anyone has positive experience (or any experience, for that matter) using ITIL, I'd love to get your thoughts. On another note, we are also looking into ISO standards, and I do know that some of you are utilizing those standards successfully We are beginning to map our risk management and training plans to the ISO 17799 doc. I wonder if any of the Educause working groups are looking at these types of standards for higher ed. Connie J. Sadler, CM, CISSP, CISM, GIAC GSLC Director, IT Security, Brown University Box 1885, Providence, RI 02912 Connie_Sadler () Brown edu Office: 401-863-7266 PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB PGP Fingerprint: DA5F ED84 06D7 1635 4BC7 560D 9A07 80BA 91E3 8EFB
Current thread:
- ITIL in Higher Education? Sadler, Connie (May 31)
- <Possible follow-ups>
- Re: ITIL in Higher Education? Bruce Hobbs (May 31)
- Re: ITIL in Higher Education? Nick Tate (Jun 01)
- Re: ITIL in Higher Education? Crawford, Charles D (Jun 01)
- Re: ITIL in Higher Education? Walter E. Petruska (Jun 01)