IT Service Management teams must play a key role in cyber resilience, according to new AXELOS white paper
Organizations can be more effective in preventing and responding to cyber-attacks by ensuring effective collaboration between those responsible for cyber resilience and IT Service Management (ITSM) teams, according to a new white paper by AXELOS Global Best Practice.
Despite the numerous overlaps between cyber resilience and ITSM, many organizations manage them in independent silos, which results in unhelpful conflicts, according to white paper author Stuart Rance.
“Among the areas of significant overlap are business continuity management and incident management,” explained Stuart, who provides ITSM and information security management services to clients across the world. “In each of these areas it is essential that cyber resilience and ITSM work together to provide value to the business. If they are managed separately then this can lead to wasted resources, conflicting requirements and ultimately successful cyber-attacks.”
In the white paper – Cyber resilience and ITSM: working together to secure the information your business relies on – Stuart argues that there needs to be real collaboration between cyber resilience and ITSM to ensure risks are properly managed.
He said: “As part of a collaborative approach to cyber resilience and ITSM, it is possible to design tools and processes that cut across organizational silos and deliver real value by helping to ensure that the organization gets the greatest possible benefit from the information it owns.”
Stuart offers five tips to help ensure an organization is getting the best possible value from cyber resilience and ITSM:
- Learn about sources of best practice for cyber resilience and ITSM: go out and learn about existing, proven best practices and standards – you don’t need to start from a blank piece of paper;
- Ensure your management system covers the whole of the service lifecycle: don’t forget about areas of the lifecycle which may be more abstract or require more thought, such as effective governance or continual improvement;
- Design integrated processes that support both cyber resilience and ITSM: avoid multiple processes that do the same thing in areas like incident management, continuity management, change management and asset management;
- Define integrated end-to-end metrics that are focused on the needs of your customers: separate metrics for cyber resilience and ITSM can encourage behaviours which are not joined up;
- Encourage collaboration between your cyber resilience and ITSM people: ensure true collaboration by defining integrated processes and metrics as part of a holistic management system that meets all your needs across the whole cyber resilience lifecycle.
Nick Wilding, AXELOS Head of Cyber Resilience, said: “Effective cyber resilience must focus on aligning strategic priorities, service management tools, operational systems and architectures with ongoing training and involvement of all employees. Organizations which encourage greater collaboration between their cyber resilience and ITSM teams have a greater chance of recognizing, responding to and recovering from cyber-attacks effectively.”
AXELOS has recently launched a new Cyber Resilience Best Practice portfolio – RESILIA™ - which is aimed at putting employees at the centre of an organization’s cyber resilience strategy. It includes a Best Practice Guide aligned with ITIL®, the most widely adopted service management framework used by thousands of organizations worldwide.
Nick added: “Organizations already using ITIL for service management will find that cyber resilience can easily be integrated into this existing management systems, with cyber resilience controls and management becoming an extension of existing business-as-usual processes.”
Read the full white paper, Cyber resilience and ITSM: working together to secure the information your business relies on.
Latest News from
How important is ITIL certification today and for the future?06/06/2023 16:20:00
Blog posted by: Adam McCullough, Senior Program Manager, 02 June 2023.
Attracting, developing, and retaining the digital/ hybrid workforce of the future06/06/2023 13:20:00
Blog posted by: Erika Flora – President/CEO, Beyond20, 02 June 2023.
How PRINCE2 gives us a common project language, and why it’s important25/05/2023 13:20:00
Blog posted by: Robert Buttrick, 23 May 2023.
Resetting your PRINCE2® knowledge and approaches22/05/2023 13:20:00
Blog posted by: Lawrie Kirk, 19 May 2023.
Why everyone is a project manager now12/05/2023 13:20:00
Blog posted by: Pedro Bertacchini – Senior Project Manager, 10 May 2023.
Improving your portfolio management to keep services relevant11/05/2023 13:20:00
Blog posted by: Chris Gallacher, VP & Principal Consultant, Forrester Research and contributing author to ITIL 4 Digital and IT Strategy, 10 May 2023.
Programme management in a VUCA world02/05/2023 10:20:00
Blog posted by: Chris Carter, Principal, orgshift solutions inc, 27 April 2023.
Studying ITIL 4 beyond Foundation level: building careers and improving business17/03/2023 13:20:00
Blog posted by: Mohammed Feisal Ismail, Principal Consultant, Sapience Consulting, 16 March 2023.