Information Security Management

IT Services Security
IT Environment Management
Faculty of Electronics and Informatics
Technical University in Košice
• Ing. Ivan Makatura (imakatura@vub.sk)
Introduction to ITSM/ITIL
FEI TUKE - IT Service Management – IT Services Security
What is ITSM?
• To achieve the objectives set by corporate strategy in a competitive environment, companies have to run high-quality business processes.
• Modern business processes require high-quality services in order to function.
• A precondition for properly functioning IT services is a high-quality ICT infrastructure.
• A high-quality ICT infrastructure alone is not a sufficient condition for properly functioning IT services. The way IT services are provided also has to be managed.
• The management of IT services is called IT Service Management (ITSM).
• ITSM content = the definition of processes that should be implemented in the enterprise in order to ensure a continuous supply of quality IT services at optimal cost.
What is ITIL?
ITIL „IT Infrastructure Library“:
• Comprehensive set of „best practices“ for IT services
• Contains a series of books intended to help organizations develop quality IT services
• ITIL is owned and maintained by OGC (UK Office of Government Commerce)
• Not a methodology: neither a methodology for IT service management nor a methodology for implementing it in the organization
• Is a global de-facto framework for ITSM
• As a framework for designing ITSM processes, ITIL leaves much discretion in the implementation process
• ITIL does not say „HOW“ but „WHAT“ is recommended to perform in ITSM
ITIL characteristics
• Process Management
– ITIL uses a process-oriented approach to IT service management (as opposed to traditional functional management).
– A process is a logical sequence of tasks transforming an input into a particular output; the performance of individual tasks is ensured by roles with clearly defined responsibilities.
– The whole process is controlled, monitored, measured, evaluated and continuously improved.
• Customer-oriented approach
– All processes are designed around customer needs, i.e. every activity and every action in every process has to bring some added value to the customer.
• Clear terminology
– Clear terminology is sometimes a less appreciated or entirely skipped characteristic of ITIL, but only until we first have to resolve misunderstandings resulting from someone using the same term in a different sense than we expect.
• Platform independence
– The framework of ITSM processes according to ITIL is independent of any platform.
• Public Domain
– The library is freely available, meaning that anyone can buy the ITIL books and implement ITSM processes according to ITIL in their business.
– The free availability of the ITIL library contributed, among other things, to the rapid worldwide spread of ITIL.
ITIL advantages
• IT services are becoming more customer-oriented
• The quality of IT services is improved
• The costs of IT services are more manageable
• IT organizations evolve into manageable structures and become more efficient
• Changes in ICT are simpler and clearer
• There is a unified framework for internal communication with the IT organization
• ICT processes are standardized and integrated
• Auditable and verifiable metrics for the performance and quality of IT services are defined
Standardization framework
IT Security standardization
• ISO/IEC 20000: IT service management - Specification for service management
• ISO/IEC 17799: Code of Practice for Information Security Management
• ISO/IEC 27001: Information technology - Security techniques - Information security management systems: Code of Best Practices for Information Security Management
• ISO/IEC 27003: Information technology - Security techniques - Information security risk management
• ISO/IEC 15408: Information technology - Security techniques - Evaluation criteria for IT security
Relation between ITIL and ISO 20000 (a)
JTC1 – Information Technology
Subcommittee: Title
• JTC 1/SWG: Accessibility (SWG-A). The convener can be reached through the secretariat
• JTC 1/SC 2: Coded character sets
• JTC 1/SC 6: Telecommunications and information exchange between systems
• JTC 1/SC 7: Software and systems engineering
• JTC 1/SC 17: Cards and personal identification
• JTC 1/SC 22: Programming languages, their environments and system software interfaces
• JTC 1/SC 23: Digitally Recorded Media for Information Interchange and Storage
• JTC 1/SC 24: Computer graphics, image processing and environmental data representation
• JTC 1/SC 25: Interconnection of information technology equipment
• JTC 1/SC 27: IT Security techniques
• JTC 1/SC 28: Office equipment
• JTC 1/SC 29: Coding of audio, picture, multimedia and hypermedia information
• JTC 1/SC 31: Automatic identification and data capture techniques
• JTC 1/SC 32: Data management and interchange
• JTC 1/SC 34: Document description and processing languages
• JTC 1/SC 35: User interfaces
• JTC 1/SC 36: Information technology for learning, education and training
• JTC 1/SC 37: Biometrics
Relation between ITIL and ISO 20000 (b)
JTC1 SC7 – Software and Systems Engineering
[Diagram: working groups of JTC1 SC7: WG1A, WG2, WG4, WG6, WG7, WG10, WG19, WG20, WG21, WG22, WG23, WG24, WG25, WG26, WG42]
• IT Governance: ISO 38500
• SW Life-Cycle Processes: ISO 12 207, ISO 15 288
• IT Service Management: ISO 20000-1, ISO 20000-2
Relation between ITIL and ISO 20000 (c)
JTC1 SC27 – IT Security Techniques
ISO 27001, ISO 27002
• WG1: ISMS
• WG2: Cryptography and Security Mechanisms
• WG3: Security Evaluation Criteria
• WG4: Security controls and services
• WG5: Identity management and privacy technologies
Scope of ISO/IEC JTC1 / SC 27 (IT Security techniques)
[Diagram: the SC 27 working groups placed on two axes. One axis: Assessment, Guidelines, Techniques. Other axis: Product, System, Process, Environment.]
• WG 1: „ISMS“
• WG 2: „Cryptography & Security Mechanisms“
• WG 3: „Security Evaluation“
• WG 4: „Security Controls & Services“
• WG 5: „Privacy, Identity & Biometric Security“
• ISO/IEC JTC1 / SC 27 = SÚTN TK37 / SK02
• The subdivision of TK37 / SK02 is identical to that of JTC1 / SC 27
IT infrastructure library v.2
ITIL v2 Library structure
• Mutual relation of ITIL publications
• Relations of specific publications with business processes and ICT infrastructure
[Diagram © OGC: the ITIL v2 publications placed between "The Business" and "The Technology": Planning to implement Service Management; The Business Perspective; Service Management (Service support, Service delivery); IT Infrastructure Management; Security Management; Application Management]
Operational disciplines according to ITIL v2
• Operational ITSM disciplines described in the Service Support book:
• Service Desk (function)
– The Service Desk (SD) provides users with a focal point for addressing their requirements
– This chapter describes how to create and run an SD as an effective communication channel between users and providers of IT services
• Configuration Management
– provides a logical model of the infrastructure or services through the identification, management, administration and verification of all implemented configuration items
• Incident Management
– process that ensures the fastest possible restoration of service and minimizes the consequences of service failures for the business
• Problem Management
– the process of discovering the underlying causes of incidents. Problem Management initiates security bug fixes in the ICT infrastructure and proactively prevents problems
• Change Management
– process that uses standardized methods and procedures to implement changes effectively and quickly. The purpose is to minimize incidents caused by changes
• Release Management
– process that ensures successful deployment and distribution of changes in the ICT infrastructure. It ensures that both aspects of the deployment (technical and organizational) are consistent.
Tactical disciplines according to ITIL v2
• Tactical ITSM processes described in the Service Delivery book:
• Service Level Management
– deals with planning, coordinating, designing, concluding, monitoring and evaluating service contracts with customers (SLA) and contracts with subcontractors (OLA and UC). The aim is to manage and improve service quality and customer relationships
• Capacity Management
– responsible for permanently ensuring sufficient infrastructure capacity so that all business requirements, both current and future, are always met
• Availability Management
– responsible for achieving a level of availability of IT services that corresponds to the business requirements. It achieves this by measuring and monitoring the availability of IT services, comparing these values with the business requirements for availability and then initiating steps leading to the desired state
• IT Service Continuity Management
– process of managing the ability to provide the defined service levels in the event of a system failure (from the failure of application components to the complete loss of the conditions necessary for business)
• Financial Management for IT Services
– responsible for recording the cost of IT services, evaluating return on investment in IT services and the costs of all aspects of restoring operation. Provides documentation for establishing the ICT budgets and price list
ITIL v2 Library – brief summary (a)
• Service Support
– Description of the processes at the operational management level
– Processes with the character of daily, routine operation predominate
– Summary: the processes described in the book provide daily support to users of IT services
• Service Delivery
– Description of the processes at the tactical management level
– Processes with the character of long-term planning predominate
– Summary: the processes described in the Service Delivery book build relationships with customers and achieve their long-term satisfaction with the provision of IT services
• ICT Infrastructure Management
– Description of the processes relating to the management of ICT infrastructure
– The book addresses all aspects of ICT, from identifying business requirements through bidding to testing, installation, implementation and maintenance of components supporting ICT services
• Application Management
– Description of the life cycle processes of application software
– The book deals with the processes from initial feasibility studies through development, testing, creating documentation, user training, deployment into the production environment, running applications and change control management to the end of use of the application
ITIL v2 Library – brief summary (b)
• The Business Perspective
– Book for business managers
– Presents the basic principles of ICT infrastructure needed to support business processes (e.g. IT Service Management)
– The book also includes the ITIL publication Quality Management for IT Services, which describes the correlation of ITSM processes with the provisions of quality management standards (ISO 9000)
• Planning to Implement Service Management
– The book is intended for members of implementation teams
– It describes the processes, tasks and problems associated with planning, implementing and improving IT Service Management processes
• Security Management
– The book describes the organization and management of ICT infrastructure security from the perspective of IT managers
– Describes the process of planning and managing a defined level of security of information and IT services, including all aspects related to the response to security incidents
• Software Asset Management
– The book describes the process for management, control and protection of software assets in all stages of their life cycle
IT infrastructure library v.3
ITIL v3 core
[Diagram © OGC: the ITIL v3 core: Service strategy, Service design, Service transition, Service operation, Continual service improvement]
ITIL v3 library structure
• Service strategy: Strategy generation; Service portfolio management; Demand management; Financial management
• Service design: Service catalogue management; Service level management; Supplier management; Availability management; IT Service continuity management; Information security management
• Service transition: Service Asset & Configuration Mgt.; Knowledge Mgt.; Change Mgt.; Release & Deployment Mgt.; Transition Planning & Support; Service Validation & Testing; Evaluation
• Service operation: Event Management; Incident Management; Access Management; Problem Management; Service desk; Apps Mgt.; Tech. Mgt.; IT Ops. Mgt.
• Continual Service Improvement: Service Measurement; Service Reporting; 7 Step Improvement Process
© OGC
Basic differences between ITIL v2 and ITIL v3 (a)
• Changes in concept – the life cycle is dominant
• Changes in scope – new processes added: "Demand Management", "Test Management", "Supplier Management", "Event Management" and others
• Changes in terminology – service definition, process definition of „Service Management“, new terms Catalogue/Portfolio of services, DSL/DML
• Changes in the position of IT services – traceability in business
• Changes in structure – separate position of the CSI process
• Good Practice instead of Best Practice
• New understanding of service from the customer's point of view: a combination of "utility" and "guarantees" (warranty)
[Diagram: the ITIL v2 publication framework (Planning to implement Service Management; The Business Perspective; Service Management with Service support and Service delivery; IT Infrastructure Management; Security Management; Application Management; between The Business and The Technology) beside the ITIL v3 life cycle (Service strategy, Service design, Service transition, Service operation, Continual service improvement)]
Relations of ITSM processes
and IT security processes
Security process
• Security = maintaining an acceptable level of identified risk
– A complex of processes and activities to avert or reduce the identified risks, i.e. the manifestations of threats that affect information assets.
– Security is not a finished state, nor a product. Security is an ongoing, continuous process
[Diagram: cycle with the phases Reaction, Detection, Evaluation, Protection]
Basic goals of IT security
C – Confidentiality (authorized personnel access only)
I – Integrity (data protection against modification)
A – Availability (reliable and prompt access to data)
A – Accountability (unambiguous identifiability of data access...)
Examples of incidents in the individual categories
Layered model of information protection
[Diagram: layers surrounding the information assets: Internet / exterior, Perimeter, Network, Host, Application, Data]
• Labels on the layers: Premises, Entrance, Routing, Firewalling, VPNs, Extranets, Intrusion detection, LAN/WAN traffic, Intranets, OS monitoring, Vulnerability checking, Application controls, Database monitoring
• Also shown: Security program, Monitoring procedures, Reporting and escalation, Incident management, Forensic evidence
Security levels
• Non-restrictive policy
– Benevolent: everything is allowed, including that which should not be
– Liberal: everything is allowed except activities which are explicitly disabled
• Restrictive policy
– Careful: everything is disabled except activities which are explicitly allowed
– Paranoid: everything is disabled, including activities which should be allowed
Relations between security attributes acc. to ISO/IEC 15408
Relations between basic terms in IT security according to Common Criteria:
© Common Criteria for Information Technology Security Evaluation: Security concepts and relationships
IT security according to ITIL
• ITIL requires effective information security measures implemented at the strategic, tactical and operational level
• Information security is considered to be an iterative process that must be controlled, planned, implemented, tested and maintained
• ITIL divides information security into separate parts:
– Policy - the overall objectives which the organization wants to achieve
– Processes - what should be done to achieve the objectives
– Procedures - who does what and when to achieve the objectives
– Work instructions - instructions for specific activities
• ITIL defines information security as a complex, cyclical process of continuous review and improvement
IT security according to ITIL
1. Recipients of ICT services identify their security requirements through a risk analysis
2. The IT department assesses the suitability of the requirements and compares them with the minimum requirements for information security
3. Recipients of ICT services and the IT department together define formally agreed service levels (Service Level Agreement - SLA):
   1. The SLA contains a definition of the requirements for information security in clear, measurable terms and values
   2. The SLA specifies how meeting the agreed level of information security can be proven
4. The IT department and the contractors' organization jointly define and agree a formal Operational Level Agreement (OLA)
5. The OLA specifies in detail how the information security services are to be ensured
SLA and OLA are continuously monitored and implemented
6. Recipients of ICT services receive regular reports on the effectiveness and state of services and information security
7. SLA and OLA are continuously adjusted, if necessary
IT security ITIL v2 vs. ITIL v3
Common features of the process of information security according to ITIL v2 and ITIL v3:
• Information security processes are based on standards:
- ISO / IEC 17799 - Code of Practice for Information Security Management
- ISO / IEC 27001 - Information Security Management Systems standard
• A security incident is seen as a subset of the Incident Management process
• Vulnerability management is viewed as a subset of the Problem Management process
Differences in the processes of information security according to ITIL v2 and ITIL v3:
ITIL v2
• „Information security management“ does not exist as an individual discipline of ITSM
• Processes related to information security are described in a book: Security Management
• Information security processes are divided into two main segments:
- Setting the base level of security by SLA
- Implementation of the security requirements defined in the SLA
ITIL v3
• „Information security management“ is understood as an individual discipline of ITSM
• Processes related to information security are integrated into most processes
• Information security processes are incorporated into all parts of the Service Design book:
- Service Catalogue Management (Section 4.1, pg. 60)
- Service Level Management (Section 4.2, pg. 65)
- Capacity management (Section 4.3, pg. 79)
- Availability management (Section 4.4, pg. 97)
- IT Service Continuity Management (Section 4.5, pg. 125)
- Information security management (Section 4.6, pg. 141)
IT Service continuity management – ITSCM (ITIL v3)
• The main goal of the ITSCM process:
– Overall support of the Business Continuity Management process by ensuring the required replacement of equipment within the required and agreed timescales
– "IT Service Continuity" refers to managing the organization's ability to continuously provide a predetermined and agreed minimum level of ICT services to support business processes in the event of failure of current ICT services.
• The ITSCM process includes:
– Ensuring the sustainability of business processes by reducing the impact of large-scale emergency outages or errors
– Reducing vulnerability and risk through effective risk analysis using risk management
– Prevention of loss of customer confidence
– Development of recovery plans for ICT equipment, suitably harmonized with the customer's business continuity plans
Information Security Management - ISM (ITIL v3)
• The main objective of the ISM process:
– Align information security with business security and ensure that information security is managed effectively across all service areas and in all activities of ITSM
• The ISM process includes:
– Information security policy and specific security policies that are aimed at all aspects of strategy, control and regulation
– An Information Security Management System (ISMS) containing the standards, procedures and guidelines that support the policies
– A comprehensive security strategy, linked with the commercial objectives, strategies and plans
– An effective organizational structure of security
– A set of control mechanisms to support the security policy
– Management of security risks
– Monitoring processes to ensure compliance and provide feedback
– Communication strategy and security plan
– A plan for training and awareness of users
ISM process according to Service Design book (a)
• Development and maintenance of an information security policy and supporting specific policies
• Ensuring proper authorization, a formal expression of commitment and approval by senior IT management and business management
• Communication of the applicable information security policies to all stakeholders
• Ensuring that information security policy is enforced and observed
• Identification and classification of information assets (Configuration Items) and their desired level of control, management and protection
• Implementation of the BIA (Business Impact Analyses)
• Implementation of security risk analysis and risk management, and linking them to Availability Management and IT Service Continuity Management
• Design and development of security plans
• Design and documentation of procedures for the operation and maintenance of security
• Monitoring and management of all security breaches, incident management (incident handling) including corrective actions to prevent recurrence of the incident
ITIL V3 Pre Reading Notes V1.60 - 36 - Copyright of Purple Griffon 2007 ©
ISM process according to Service Design book (b)
• Reporting, analysis and minimization of the impact and extent of any security incidents, together with the Problem Management process
• A model for education and awareness of users
• Security control and monitoring of security documentation
• Review and auditing of all processes
• Ensuring that all changes are reviewed for their impact on information security, including information security policy, and the convening of CAB (Change Advisory Board) meetings whenever necessary
• Implementation of security tests
• Strict compliance with the additional security checks in the action plan following a previous violation of security rules
• Ensuring that the confidentiality, integrity and availability of services is maintained at the level agreed in the SLA and conforms to all relevant legislative requirements
• Ensuring that all access by third parties and by suppliers of ICT services is appropriate and contractually based
• Operating in the role of a local point of contact for all security incidents
Service level agreement - SLA
- The SLA is a formal, written agreement which documents the level of services, including information security services.
- The SLA is a key part of the information security process in the ITIL framework
- The SLA should include performance indicators (Key Performance Indicators, KPI) and performance criteria
• A typical SLA contract should include:
- Permitted methods of access to information assets
- Agreement on the method of auditing and log management
- The level of physical security
- Method of training and user awareness of information security
- General description of the life cycle of identities, authentication methods and authentication procedures
- Agreement on how security incidents are handled
- The requirements for audit and reporting
Security documentation according to ITIL
Documentation requirements for information security in accordance with ITIL:
• Service Level Agreement (SLA)
- A formal agreement on the level of services, including information security
• Operational Level Agreement (OLA)
- Detailed specification of how to ensure information security services
• Information security policy:
- Objectives and scope of information security for the organization
- The objectives and management principles for information security management
- Definition of roles and responsibilities for information security
- The security policy should be issued by the organization's senior management
• Information security plans:
- Description of how to implement policies in specific information systems, processes and organizational units
• Handbook of information security:
- working documents for everyday use
- specific, detailed work instructions
How ITIL can improve the level of information security (a)
• ITIL keeps information security continually focused on business and services
- Information security is often perceived as just another cost or a barrier to business functions
- With the help of ITIL, the owners of business processes and IT service providers agree on the level of information security, to ensure that services are aligned with business needs
• ITIL allows organizations to develop and implement information security in a structured manner, based on best practice (good practice)
- Information security shifts from a reactive to a proactive and preventive process
• ITIL's requirement for continuous assessment provides a continuous review of the effectiveness of changes in terms of reducing the level of risk and threat
• ITIL establishes documented processes and standards (e.g. SLA and OLA), which can be effectively monitored and audited
- This helps an organization assess the effectiveness of its own information security program and compare it with the regulatory requirements (such as NBS, NSA, ÚOOÚ, Basel II, SOX)
• ITIL provides a foundation upon which information security can be built
- Many ITIL disciplines (e.g. Change Management, Configuration Management and Incident Management) can substantially increase the level of information security (e.g. a significant number of incidents are caused by inadequate management of change)
How ITIL can improve the level of information security (b)
• The organized ITIL framework prevents subjective, spontaneous and chaotic implementation of information security processes
- ITIL requires consistent, measurable information security processes to be designed and built into ICT services before an incident occurs. This saves time, money and effort.
• Reporting required within ITIL provides management with valuable information about the effectiveness of their organization's information security
- Reporting allows management to make informed decisions regarding the management of operational risk
• ITIL defines roles and responsibilities in information security
- During any incident it is then clear who is responsible for what and who has done what
- ITIL establishes a common language for discussing information security, with which security personnel can communicate more effectively with internal and external professional partners
- Security personnel can more easily discuss information security with other groups of employees
• ITIL helps managers understand that information security is a key part of successful business processes and a well-functioning organization
Summary
• Requirements for information security are steadily growing in scope, complexity and importance
• It is risky, costly and inefficient for an organization to base its information security on subjectively developed solutions
• With ITIL it is possible to replace these with standardized, integrated processes based on best practice (good practice)
• Although it takes time and effort, ITIL can improve how the organization implements and manages information security
itSMF
• itSMF (IT Service Management Forum) is an international, nonprofit and independent organization of professionals dedicated to all aspects of services in information and communication technologies
• itSMF is perceived as a professional association of users of the ITIL standard, which significantly affects the development of the industry
• itSMF Slovakia is a fully-fledged part of the worldwide network of itSMF International
• Secretariat: itSMF Slovensko, Dlhá 2/B, 900 31 Stupava
• E-mail: itsmf@itsmf.sk
• Web (Slovakia): www.itsmf.sk
• Web (International): www.itsmf.org
Ivan Makatura
Chief security officer
VÚB Banka a.s.
imakatura@vub.sk