When we talk about Change IT Management, it may be concerned with the Change Management
Process (particularly when used in implementation of ITIL® Security Management plans.)
Change Management is a broad term used to describe handling an organizational shift from
the present state of things to a desired future state. ITIL® Security Management means
handling security concerns based on information security management best practices.
Information security covers guaranteeing that the integrity, confidentiality and
availability of the information is protected at all times.
Implementation can be divided into certain sub-categories which are, namely, classification
and management of IT applications; implementation of personnel security; implementation of
Secure Management; implementation of Access control; and lastly reporting.
To say that the ITIL® Security Management has been implemented, it means that the whole plan
has been followed as it was designed.
Another key concept in implementation would cover the Asset Classification and Control
Documents. This means listing down assets covered thoroughly, with responsibility
designated to guarantee that security is satisfactory and can be sustained.
Personnel security would mean that all staff (or personnel) and their respective roles and
responsibilities with regards to security are documented based on their individual job
Security policies would be the files detailing what rules and requirements covering
organizational security systems need to be followed.
And when we talk about Access control, this pertains to handling Network Management with an
emphasis on granting access to sensitive data about the networks and and security of
information infrastructure only to authorized personnel.