What a blog post can reasonably tackle is a handful of examples that demonstrate some of the ways ITIL best practices help improve security. Here are such examples:
Incident Management - Whether reported by human or a well-tuned monitoring application, potential security holes or attacks need to be investigated systematically. Auditors will want evidence that you have a system in place to log threats and to systematically investigate them. The responsibility for processing these incidents needs to be clearly assigned. An incident management tool can largely automate this. On the front end, the Service Desk by way of the Service Catalog, should help inform employees on which types of incidents to report and guide them through the act of logging the incident. There should be a specific incident type for routing and reporting on security issues.
Problem Management - The details of security threats flow in from the Incident function. Those reports that are real and require further analysis should be raised to the security team through Problem Management. As part of that analysis, what is learned should be fed back to the organization through the knowledge management system. As problems are addressed, lessons will be learned about specific tools and technologies; these should be distilled into best practices that users and IT staff can follow to deploy and use those technologies more securely. Where appropriate, this knowledge should be made available through the self-service portal's knowledge base.
Change Management - As changes are made, an auditable log must be kept detailing each change and who approved it. Any change that has even the remotest possibility of introducing a vulnerability should go through a formal change process. Part of that process should include risk analysis. The risks to be analyzed are not only the likelihood of operational impairment, but also the risk of introducing vulnerabilities.
Release Management - If release management is not carefully controlled in an auditable way, it is easy for staff to intentionally or unintentionally deploy changes in a way that introduces vulnerabilities. Many organizations are fully automating the release of software, automatically staging and then pushing changes into production. This automation removes some of the human element, thereby not only reducing the chance for errors, but also eliminating some of the opportunities for an internal staff member to put in a back door, for example.
Configuration Management - The control and monitoring of configuration changes is probably the most obvious step toward improving security. Malware often begins an attack by making a configuration change that opens the door more widely for it. If it is clear how the system should be configured, then monitoring for deviations from that known-good state may point to the start of an attack.
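The Change Management and Configuration Management points above combine naturally into one check: compare the observed configuration against an approved baseline, and then look for each deviation in the change log. Drift that matches an approved change record is expected; drift that nobody approved is exactly the signal worth investigating. The following Python script is an added example, not code from the original post; the baseline, observed state, and change record (including the change id "CHG-0001") are all constructed sample data, and the section and key names are illustrative assumptions rather than any particular tool's format.

```python
"""Configuration drift check against an approved baseline (added example).

Compares a constructed 'observed' configuration with a constructed
'approved baseline', then classifies each deviation as explained (it
matches an approved change record) or unexplained (nobody approved it).
"""
import hashlib
import json

# Constructed baseline: the approved, change-managed configuration.
APPROVED_BASELINE = {
    "sshd_config": {
        "PermitRootLogin": "no",
        "PasswordAuthentication": "no",
        "Port": "22",
    },
    "firewall": {
        "default_inbound": "deny",
        "allowed_ports": ["22", "443"],
    },
}

# Constructed observed state, as a monitoring agent might collect it.
OBSERVED_STATE = {
    "sshd_config": {
        "PermitRootLogin": "yes",          # nobody approved this
        "PasswordAuthentication": "no",
        "Port": "22",
    },
    "firewall": {
        "default_inbound": "deny",
        "allowed_ports": ["22", "443", "3389"],   # approved below
    },
}

# Constructed change log: the auditable record of approved changes.
APPROVED_CHANGES = [
    {
        "change_id": "CHG-0001",   # constructed identifier
        "approved_by": "change-advisory-board",
        "section": "firewall",
        "key": "allowed_ports",
        "new_value": ["22", "443", "3389"],
    },
]


def canonical(value):
    """Stable JSON form so lists/dicts compare and hash consistently."""
    return json.dumps(value, sort_keys=True, separators=(",", ":"))


def section_hash(section):
    """SHA-256 of a section; unchanged sections are skipped cheaply."""
    return hashlib.sha256(canonical(section).encode()).hexdigest()


def find_drift(baseline, observed):
    """Return (section, key, expected, actual) for every deviation."""
    drift = []
    for section, expected_settings in baseline.items():
        actual_settings = observed.get(section, {})
        if section_hash(expected_settings) == section_hash(actual_settings):
            continue
        for key, expected in expected_settings.items():
            actual = actual_settings.get(key)
            if canonical(actual) != canonical(expected):
                drift.append((section, key, expected, actual))
        for key in actual_settings:          # settings added outside baseline
            if key not in expected_settings:
                drift.append((section, key, None, actual_settings[key]))
    return drift


def classify_drift(baseline, observed, approved_changes):
    """Split drift into explained (matches a change record) and unexplained."""
    approved = {
        (c["section"], c["key"], canonical(c["new_value"])): c["change_id"]
        for c in approved_changes
    }
    explained, unexplained = [], []
    for section, key, expected, actual in find_drift(baseline, observed):
        change_id = approved.get((section, key, canonical(actual)))
        if change_id:
            explained.append((section, key, actual, change_id))
        else:
            unexplained.append((section, key, expected, actual))
    return explained, unexplained


if __name__ == "__main__":
    ok, alerts = classify_drift(APPROVED_BASELINE, OBSERVED_STATE, APPROVED_CHANGES)
    for section, key, actual, change_id in ok:
        print(f"EXPECTED  {section}.{key} -> {actual!r} (approved in {change_id})")
    for section, key, expected, actual in alerts:
        print(f"UNEXPLAINED {section}.{key}: expected {expected!r}, observed {actual!r}")
```

The unexplained findings are what should be raised as a security incident; the explained ones are simply confirmation that the change process and the observed state agree. In practice the baseline and change log would come from the CMDB and change-management tool rather than inline dictionaries.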