What is ITIL IT Security management? | Article 12

In my previous articles I have given multiple practices which are useful for ITIL v4 foundation examination. Those are IT change management,Incident management,continual improvement management.service desk e.t.c. Those are very important topics for ITIL v4 examination .With those topics some more practices are also very important in ITIL. I would like to discuss one practice in detail in this article. ITIL IT security management practice is another important practice in ITIL v4. I will not go through the details of this practice but give you information whatever required in ITIL v4 examination. The purpose statement is very important for ITIL v4 examination.

Article will contain :

What is IT security and IT security management purpose statement?

Purpose of IT security management

What is ITIL IT security Management ?

In this section I would like to give you information about IT security management in detail. The IT security management is nothing but fitting security in IT in organizational level.

The Purpose statement for IT security management :

To protect the information needed by the organization

Keyword to remember :

To protect the information

Features of IT Security :


We need to ensure that we require to check the confidentiality of the data.

Example : The password should be encrypted.


We need to keep the integrity for applications.


We need to make sure that the availability of service in business hours.


There should be the proper authentication mechanism


It is assurity that someone can not deny something.

Different phases of IT security management :

There are following 3 phases of IT security management.




 ITIL IT Security management
IT security phases

Prevention : In this phase user needs to prevent the security threats.

Example : Any brute forge attack or ciber attacks needs to be prevented.

Detection : Detect the attacks on system.

Example :

If there is any hacking attack user needs to check the logs and detect these kind of attacks before big impact.

Correction : In this phase user needs to correct the security attacks by following specified approach.

These are above the phases of IT security management.