What Is Information Security Management and Operations?

The Information Technology Infrastructure Library (ITIL) defines information security management as the process that “aims to ensure the confidentiality, integrity and availability of an organization's information, data and IT services. ITIL Security Management usually forms part of an organizational approach to security management which has a wider scope than the IT Service Provider.”

Security management achieves its goal of aligning IT and business security by managing a defined level of security controls on the risks of information and IT services. These are achieved through a set of security policies.

Therefore, if security management is the alignment of goals and objectives, security operations is defined by the ongoing implementation and execution of IT services and processes in a secure manner. Together, they form an essential framework to protect an organization's information assets.

Examples of common data security policies


Security policies typically look at information assets through the lens of protecting confidentiality, integrity, and availability. Organizations that follow standards such as ISO 27001 generally should have policies that address the following information security management functions:

  • Access control
  • Asset management
  • Business continuity
  • Communications security
  • Compliance
  • Cryptography
  • Human resources security
  • Incident response
  • Operational security
  • Physical and environmental security
  • Supplier relationships

While the list above is not exhaustive, the idea is that a solid policy framework will address people, process, products and technology, and partners and suppliers. Generally accepted best practice is to make these policies available to all employees and suppliers and to review policies for changing business and legal requirements every 12 months.

Security frameworks and standards


A widely accepted goal of information security management and operations is that the set of policies put in place—an information security management system (ISMS)—should adhere to global standards. ISO 27001 is the de facto global standard. ITIL security management best practice is based on the ISO 27001 standard.

Another framework or ISMS that is gaining wider acceptance within the United States is the National Institute of Standards and Technology (NIST) cybersecurity framework. According to NIST, the framework "focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization's risk management processes."

Security technologies


Correlating the terabytes of data that a large enterprise produces requires an effective security monitoring system that can scale with the data challenge and incorporate data gathered from diverse sources such as devices, networks, and log and event sources. Security operations centers (SOCs) have typically been built around a hub-and-spoke architecture, where a security information and event management (SIEM) system aggregates and correlates data from security feeds. Spokes of this model can incorporate a variety of systems, such as vulnerability assessment solutions, governance, risk and compliance (GRC) systems, application and database scanners, intrusion prevention systems (IPS), user and entity behavior analytics (UEBA), endpoint detection and remediation (EDR), and threat intelligence platforms (TIP).
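
The hub-and-spoke correlation described above, as an added example that is not part of the original page or any vendor's product: a minimal hub normalizes records from three spokes (IPS, EDR, vulnerability scanner) and uses the other spokes' context to prioritize each IPS alert. The feed field names, priority labels, and all sample records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample feeds, one per spoke. Field names differ per source on purpose.
IPS_FEED = [
    {"time": "2022-07-01T10:00:05", "dst": "10.0.0.12", "sig": "exploit-attempt", "vuln": "VULN-A"},
    {"time": "2022-07-01T10:02:00", "dst": "10.0.0.40", "sig": "exploit-attempt", "vuln": "VULN-A"},
    {"time": "2022-07-01T10:04:00", "dst": "10.0.0.77", "sig": "exploit-attempt", "vuln": "VULN-A"},
]
EDR_FEED = [
    {"seen": "2022-07-01T10:03:30", "ip": "10.0.0.12", "event": "unsigned-binary-executed"},
    {"seen": "2022-07-01T13:00:00", "ip": "10.0.0.40", "event": "unsigned-binary-executed"},
]
VULN_FEED = [  # scanner findings: open vulnerabilities per asset (placeholder IDs)
    {"asset": "10.0.0.12", "open": ["VULN-A", "VULN-B"]},
    {"asset": "10.0.0.40", "open": ["VULN-A"]},
]

def normalize():
    """Map each spoke's records onto one schema: (timestamp, host, source, detail)."""
    events = [(datetime.fromisoformat(a["time"]), a["dst"], "ips", a["vuln"]) for a in IPS_FEED]
    events += [(datetime.fromisoformat(e["seen"]), e["ip"], "edr", e["event"]) for e in EDR_FEED]
    return sorted(events)

def correlate(window=timedelta(minutes=10)):
    """Hub logic: rank each IPS alert using context from the other spokes."""
    open_vulns = {v["asset"]: set(v["open"]) for v in VULN_FEED}
    by_host = defaultdict(list)
    for ev in normalize():
        by_host[ev[1]].append(ev)
    results = {}
    for host, evs in by_host.items():
        for ts, _, source, detail in evs:
            if source != "ips":
                continue
            # Context 1: does the scanner report the targeted vulnerability as open?
            vulnerable = detail in open_vulns.get(host, set())
            # Context 2: did the endpoint agent see activity shortly after the alert?
            followed = any(s == "edr" and timedelta(0) <= t - ts <= window
                           for t, _, s, _ in evs)
            if vulnerable and followed:
                results[host] = "high"
            elif vulnerable or followed:
                results.setdefault(host, "medium")
            else:
                results.setdefault(host, "low")
    return results

if __name__ == "__main__":
    for host, priority in sorted(correlate().items()):
        print(host, priority)
```

The same IPS signature fires on all three hosts, yet only the host that is both vulnerable and shows endpoint activity inside the window is ranked high, which is the triage value the hub adds over any single feed.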