Introduction to IT service management

IT service management (ITSM) is concerned with how we manage the IT resources in an organisation so that they best align with the business.

Many of the principles that we use in ITSM should also apply to how we run the SOC (although, sadly, this is often not the case). The rest of the IT in the organisation should also be applying ITSM best practices and it is sensible for the SOC to align with the practices used in the rest of the organisation. Later we will look at the next layer up, that of IT governance*.

*If you are unfamiliar with the difference between IT administration, management, and governance, then please look at this article on Administration vs Management vs Governance.

Why ITSM?

Let’s answer this by looking at the following hypothetical scenario experienced by an IT lecturer:

At one point in my career, the university where I was working decided to centralise all its IT support. My department, being a computer department, had a wide range of servers and non-standard desktops, and in the process of the reorganisation lost all of its IT officers (some left the university, some went to the centre).

It quickly became apparent that while the central IT unit had increased its desktop and front line support to deal with taking on all the departmental IT, it had not increased its back end server and operational support as it had not occurred to the powers that be that a department would have any servers. It also became quickly apparent that the documentation for the department’s server infrastructure (30 servers in two server rooms) consisted of two sides of A4. With the person responsible for the servers being one of the people who had left the university, it was left to me (as the lecturer in this area) to maintain the infrastructure.

With no idea of what most of the servers did, my first act was to switch off the servers in turn and see who or what screamed. My second was to roll out ITIL to make sure that I never found myself in the same situation again.

Often, those of us who work in cyber security have a fascination with the technical aspects of the role; however, just as important are the processes and procedures we follow to ensure that our systems are suitable for what the organisation needs. One way to achieve this is to realise that we are not managing IT systems: we are managing the delivery of a service. Having a service management approach moves focus away from technology onto what the organisation needs to achieve. This is not to say that the technology is not important, but that the technology is important to the extent to which it meets the organisation’s needs.

Of course, this leads to the question, what is an IT service? A useful way of thinking of an IT service is that it is a service that adds value to the organisation, or to an organisational process.

Thinking in this way helps us to focus on doing activities that will have measurable benefit to the organisation and adopting this approach to IT helps ensure that resources are not wasted. Obviously, this approach is applicable to the SOC as well as the rest of the organisation’s IT.

ITSM is therefore about a set of best practice approaches to help us manage our IT services. There are a number of best practice guidelines out there, but the most common of these are ITIL and ISO 2000.

ITIL

The IT Infrastructure Library, or ITIL for short, was created in the 1980s by the UK government’s CCTA (Central Computer and Telecommunications Agency) with the objective of ensuring better use of IT services and resources. In 2013 the responsibility for ITIL was taken over by Axelos, which in February 2019 released version 4 of the ITIL standard.

ITILv3 is (currently) the most commonly adopted ITSM standard in the world, although this is likely to be superseded by ITILv4 as more organisations move to the new version of the standard. One of the reasons for its popularity is that ITIL is not prescriptive and can be adapted to fit any company’s size, structure and requirements. (It can be argued that ITIL is not a methodology – it is a guide and if you implement ITIL exactly according to the reference material, you are doing it wrong.)

This flexibility allows organisations to have a gradual implementation of ITIL and roll out only the parts that are relevant to them at that particular time and allow for an increase over time of control over the IT services. We’ll look at ITIL in more detail in the next step.

ISO 2000

ITIL’s flexibility is one of its strengths, but in some situations that can also be seen as a weakness as it can lead to uncertainty on what should be done in a particular situation.

For general ITSM, this may not be an issue, but when considering security, it might be desirable to have more structure and it is here that ISO 20000 comes in. ISO 20000 can be thought of as a more structured version of ITIL (hence 20000-11 which details how ISO 20000 relates to ITIL). The main advantages of ISO 20000 over ITIL is that it fills in the detail that ITIL leaves out and gives exemplars to help with the implementation. The main disadvantage of ISO 20000 is that it is not as flexible to unusual situations as ITIL and not as suitable for a partial or gradual implementation.

In most cases, ITIL is still preferred, but companies that require extra assurance (either from customers or regulators) would benefit from implementing it and it may be seen as the preferred standard for use in a SOC.

Your task

Consider the following and discuss in the comments below:

  • From a business perspective, what are the key business functions of a SOC?
  • From a service management perspective, what key IT services would support the key business functions?
  • From an IT management perspective, what key IT systems are needed to support those services?

References

AXELOS (2019) ITIL – IT Service Management [online] available from https://www.axelos.com/best-practice-solutions/itil [31 July 2019]

BSI (2018) ISO/IEC 20000-1:2018 Information Technology – Service Management – Part 1: Service Management System Requirements. [online] available from https://www.iso.org/standard/70636.html [30 July 2019]

Share this article:

This article is from the free online course:

Security Operations

Coventry University