ITIL 4 Information security and risk management practices: embedding safety culture and behaviour
Blog posted by: Radoslaw Gnat – Information Security Expert, GSK, 26 March 2020.
How well prepared are organizations for information security and risk management in an increasingly cloud computing-based world that is also volatile, uncertain, complex and ambiguous (VUCA)?
The rush to use cloud services sometimes means organizations are not thinking fully about the risks. Thinking that “it’s in the cloud, therefore it’s safe” is wrong, though vendors may claim it is.
This is why it’s important for ITIL® 4 to have dedicated management practices for information security and risk management, helping enterprises to create healthy cyber behaviours and ensure all employees are involved. It’s also important that external suppliers embrace these best practices to manage overall risk.
Balancing security and freedom to innovate
Both information security and risk management are everyone’s job in the organization.
In high-velocity IT environments, development teams are operating with agility and multiple, regular changes. However, once they embed healthy information security behaviours, risk management becomes basic company culture and poses no problem to innovation.
This supports the ITIL 4 service value chain, ensuring that everything the organization is doing to co-create value for customers is secure at each point in the chain.
The information security management practice helps people understand the boundaries to work within and tools for solving specific product functionalities for the customer, such as anti-virus, malware protection and supplier access.
And, ultimately, it’s possible to achieve the cyber security maturity model:
- Identifying the risks/information vulnerable to threats
- Assessing how to comply
- Measuring and monitoring with key performance indicators
- Establishing continuous programmes for healthy cyber behaviours
- Transforming the organization with a strong security culture.
Balancing risk management and innovation
If an organization’s risk appetite is communicated effectively from C-level, then it becomes the standard approach and shouldn’t inhibit innovation.
ITIL 4’s risk management practice demonstrates that, on a daily basis, we are exposed to different types of risks; this means leaders need to nurture both culture and behaviour to minimize risk while, at the same time, co-creating value.
Having a clear approach through the management practice enables organizations to identify risk, know how to address it and repeat this process.
A major factor highlighted in ITIL 4 is the need to embrace change: what is best for an organization in a VUCA world and how to adapt to the anxiety that comes from the continuous cycle of change.
For this, enterprises need to develop the culture and behaviour among their people to be secure but also to give them the confidence to make mistakes and the ability to fix and learn from them.
Read Radoslaw Gnat's previous AXELOS Blog Post, ITIL 4 – supporting everyone in today's organization.