Internal SLA (Service Level Agreements) for Information Security

by Eric Hansen
Sept. 1, 2017 SANS Institute standards

Information security typically suffers because organizations lack a serious commitment to the prevention side of security breaches. Many systems are compromised even after patches or hotfixes have been publicized. The starting premise must be to understand the relationship between the information technology (IT) team and the information security (IS) team. The information security team must view itself as a customer of the information technology team. The IS team must also see that its activities are common elements within the IT team’s service to the enterprise. IS’s three-legged stool of Confidentiality, Integrity and Availability certainly coincides with IT’s Total Cost of Ownership (TCO) and Quality of Service (QoS) initiatives.