Information Technology Infrastructure Library (ITIL) and Six Sigma
Security products and processes must be integrated into the business side of a company effectively. Different process management models have been developed for the information security industry to address this need. The Information Technology Infrastructure Library (ITIL) is a set of best practices for IT service management. ITIL was created to allow technology to be properly managed in a corporate setting because of the increased dependence on technology to meet business needs. ITIL is a customizable framework that provides goals, activities to achieve these goals, and input and output values for each process. Since security is commonly provided through technology, security has been integrated into this framework to help ensure that the security technology a company implements meets its business units’ needs.
Six Sigma is a process improvement methodology that was developed by Motorola with the goal of identifying and removing defects in the company’s manufacturing processes. The goal of this methodology is to improve process quality by using statistical methods that measure operational efficiency and associated defects. The maturity of a process is represented by a sigma rating, which indicates the percentage of defects that the process contains. Some organizations use Six Sigma to improve security assurance by measuring success factors of different security controls and processes.
ITIL and Six Sigma are not as prevalent on the CISSP exam as the Capability Maturity Model Integration (CMMI). CMMI is a process improvement model that came from the engineering world but is commonly used by organizations as a roadmap to allow for controlled, incremental improvements within their security programs.