The security management procedure of ITIL® or Information Technology Infrastructure Library uses the information security management based from the code of practice also referred to as ISO/IEC 17799. It defines the appropriate standards as structured by the code. The concept of security management of TITL is basically about information security. The primary purpose of securing information is to make sure that the information is always safe from any unwanted access by others. When information is protected, it is the information’s value that is protected. The values that are being specified are the confidentiality of the information, the integrity and the availability of the data that must be protected. The information must at all times be private, anonymous, and must be verified for it to be always reliable whatever is its purpose.
The objective of security management is to realize the requirements for security as described in the service level agreement and other outside requirements that are external and are specified in contracts, policies and legislation. It is also the aim of security management to make the parties involved understand the basic level of security which is necessary to have a simpler management of service level for the security of the information. The process of security management is related to many procedures in the Information Technology Infrastructure Library processes. Security management covers the information security requirements for almost all information technology organizations as it sets the procedures by which the IT organization can securely manage all its internal and external information and operations.