ITIL Security Management is based on the code of practice for information security management also known as ISO/IEC 17799. ITIL is owned by the United Kingdom's Office of Government Commerce. The OGC's site provides information on how to get ITIL documentation. There's also a handbook for implementing ITIL. The current move towards ISO/IEC 27001 may require some revision to the ITIL Security Management best practices which are often claimed to be rich in content for physical security but weak in areas such as software/application security and logical security in the ICT infrastructure.
Using Prince2 method means that documents, logs and lists have to be written, its usage in small projects if the scalability of Prince2 is not understood and applied, implies a relatively large volume of work . Common costs associated with ITSCM are the expenses incurred from risk management and recovery arrangements. IT Service Management Training PRINCE2 advocates product based planning which means that the first task when planning is to identify and analyse products.
SAM represents the software component of IT asset management, which also includes hardware asset management (to which SAM is intrinsicly linked by the concept that without effective inventory hardware controls, efforts to control the software thereon will be significantly inhibited). The ITSC manager will ensure that the ITSCM process is implemented and maintained in accordance with the organization's requirements and business continuity management process.
It is important to have a focal point for reporting incidents and making service requests.
