Organizations can be more effective in preventing and responding to cyber-attacks by ensuring effective collaboration between those responsible for cyber resilience and IT Service Management (ITSM) teams, according to a new white paper by AXELOS Global Best Practice.
Despite the numerous overlaps between cyber resilience and ITSM, many organizations manage them in independent silos, which results in unhelpful conflicts, according to white paper author Stuart Rance.
“Among the areas of significant overlap are business continuity management and incident management,” explained Stuart, who provides ITSM and information security management services to clients across the world. “In each of these areas it is essential that cyber resilience and ITSM work together to provide value to the business. If they are managed separately then this can lead to wasted resources, conflicting requirements and ultimately successful cyber-attacks.”
In the white paper – Cyber resilience and ITSM: working together to secure the information your business relies on – Stuart argues that there needs to be real collaboration between cyber resilience and ITSM to ensure risks are properly managed.
He said: “As part of a collaborative approach to cyber resilience and ITSM, it is possible to design tools and processes that cut across organizational silos and deliver real value by helping to ensure that the organization gets the greatest possible benefit from the information it owns.”
Stuart offers five tips to help ensure an organization is getting the best possible value from cyber resilience and ITSM:
- Learn about sources of best practice for cyber resilience and ITSM: go out and learn about existing, proven best practices and standards – you don’t need to start from a blank piece of paper;
- Ensure your management system covers the whole of the service lifecycle: don’t forget about areas of the lifecycle which may be more abstract or require more thought, such as effective governance or continual improvement;
- Design integrated processes that support both cyber resilience and ITSM: avoid multiple processes that do the same thing in areas like incident management, continuity management, change management and asset management;
- Define integrated end-to-end metrics that are focused on the needs of your customers: separate metrics for cyber resilience and ITSM can encourage behaviours which are not joined up;
- Encourage collaboration between your cyber resilience and ITSM people: ensure true collaboration by defining integrated processes and metrics as part of a holistic management system that meets all your needs across the whole cyber resilience lifecycle.
Nick Wilding, AXELOS Head of Cyber Resilience, said: “Effective cyber resilience must focus on aligning strategic priorities, service management tools, operational systems and architectures with ongoing training and involvement of all employees. Organizations which encourage greater collaboration between their cyber resilience and ITSM teams have a greater chance of recognizing, responding to and recovering from cyber-attacks effectively.”
AXELOS has recently launched a new Cyber Resilience Best Practice portfolio – RESILIA™ – which is aimed at putting employees at the centre of an organization’s cyber resilience strategy. It includes a Best Practice Guide aligned with ITIL®, the most widely adopted service management framework used by thousands of organizations worldwide.
Nick added: “Organizations already using ITIL for service management will find that cyber resilience can easily be integrated into this existing management system, with cyber resilience controls and management becoming an extension of existing business-as-usual processes.”
Read the full white paper, Cyber resilience and ITSM: working together to secure the information your business relies on.