Improving Security with ITIL: Software Asset Management
The IT Infrastructure Library (ITIL) is a widely used service management framework that addresses topics relevant to systems security. Over the next two weeks, I will post entries on aspects of ITIL that relate to messaging and Web security. We begin today with a look at software asset management (SAM).
Many security functions depend upon knowing what software is deployed and where it is. Tasks like vulnerability management, access control and business continuity planning need detailed information about software versions, configurations and deployment platforms. The software asset management section of ITIL addresses the principals of how to plan and implement procedures to track software asset information.
Specifically, ITIL recommends:
• Centralized management of software assets
• Clear definition of roles and responsibilities
• Commitment to standard software and configuration deployment
• Establishing clear procurement, deployment and retirement procedures
• Maintaining a centralized repository of software asset information
From systems management perspective, this strategy streamlines operations. It is simply easier to manage a growing and complex infrastructure if there is a centralized database of software deployment and configuration data to work with. From a security perspective, the centralized database is a resource for managing patch deployments, assessing vulnerabilities and exposures, and for conducting risk analysis operations.
The goal of ITIL is to provide a framework for managing IT infrastructure but it also contributes to network and platform security as well.
For more on SAM, see http://www.tso.co.uk/samdemo/index.htm and http://www.managesoft.com/solution/definition/itil-sam.xml
For more on ITIL and security, listen to the podcast Good Management is Good Security.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
