There are a number of important ways that ITIL can improve how organizations implement and manage information security.
- ITIL keeps information security service and business focused.
- ITIL can enable organizations to develop and implement information security in a structured, clear way based on best practices.
- With its requirement for continuous review, ITIL can help ensure that information security measures maintain their effectiveness as requirements, environments and threats change.
- ITIL establishes documented processes and standards (such as SLAs and OLAs) that can be audited and monitored.
- ITIL provides a foundation upon which information security can build. It requires a number of best practices - such as Change Management, Configuration Management and Incident Management - that can significantly improve information security.
- ITIL enables information security staff to discuss information security in terms other groups can understand and appreciate.
- The organized ITIL framework prevents the rushed, disorganized implementation of information security measures.
- The reporting required by ITIL keeps an organization's management well informed about the effectiveness of their organization's information security measures.
- ITIL defines roles and responsibilities for information security.
- ITIL establishes a common language for discussing information security.