First, a word about ITIL® Security Management: this is the part of the ITIL® manuals concerned with the security protocols that are put in place in an information technology system, with particular emphasis on information security.
It is vital that ITIL® Managers examine and contribute input on security-related cases that may affect the correct establishment and implementation of ITIL® Security Management practices within the organization. This is because ITIL® Managers are in a position to diagnose exactly what went wrong in the security of the IT system or, if not, they may be able to describe accurately the events that led to the discovery of the problem. ITIL® Managers thus function like information security detectives who hunt down the cause of a breakdown in security so that it will never happen again.
ITIL® Security Management derives its importance from the fact that there are stipulations in national and international laws, legally binding contracts like Service Level Agreements, and both internally and externally used policies that require the organization to guarantee the security of all information that passes through its portals. Another reason for the importance of ITIL® Security Management is that no organization will be able to continue operating if there are severe or even minor breaches in its security protocols.
It should not be thought that ITIL® Security Management functions in a vacuum, independent of the other areas of concern in ITIL®. Rather, it is interrelated with the other ITIL® areas of concern such as Change Management, Problem Management, Incident Management and Service Desk, Release Management, Configuration Management, IT Service Continuity Management, Capacity Management, Availability Management, Service Level Management, and of course IT Customer Relationship Management.
Indeed, every organization has to be concerned about security breaches because no customer (regardless of whether that customer is a corporate client or simply a John Doe or Jane Doe) will stand for their data being compromised by poor security in the organization's IT system.