A Best Practice Approach for Integration of ITIL and ISO/IEC 27001 Services for Information Security Management


  • Department of Computer Engineering, North Tehran Branch, Islamic Azad University, Tehran, Iran, Islamic Republic of
  • Department of Computer Engineering, Zanjan Branch, Islamic Azad University, Zanjan, Iran, Islamic Republic of


This paper explores the role of information security management within ITIL service management and how ITIL and ISO/IEC 27001 are aligned and can work together to improve information security management.


Information Security Management, Integration, Organization, ITIL, ISO/IEC 27001, Best Practice






This work is licensed under a Creative Commons Attribution 3.0 License.