Security vulnerability

General discussion on all aspects of the IT Infrastructure Library (ITIL)
Post Reply
User avatar
Senior Itiler
Senior Itiler
Posts: 44
Joined: Sun Sep 25, 2005 8:00 pm
Location: Sweden

Tue Apr 09, 2013 10:00 am


It's been a while since I was on the site having been working in a non-process role the last few years. Now I'm back in the ITIL world and working to develop the Transition and Operational processes. This company is in many respects different from any other I have worked with before. Public sector and Swedish as the business language are two big differences.

Anyway on to my issue. The business information security department run an analysis on the providers network every so often and discover vulnerabilities in the infrastructure. An example may be that we are not running the latest firmware software on our servers. This would involve a rollout across the network through the Release and Deployment processes and the work done by the architecture group. My question is what would be the correct routine for processing these vulnerabilities?

One option we have discussed is contact to the SD resulting in a problem record to problem management. Problem management would then be responsible for ensuring that the issue is resolved.

Interested to hear others thoughts though.


User avatar
ITIL Expert
ITIL Expert
Posts: 3639
Joined: Fri Sep 15, 2006 8:00 pm
Location: London, UK

Wed Apr 10, 2013 2:01 am


If it goes though the Change & Relase mgmt process.. then that is the way to go

As to a problem record... why ? A problem record is for something that is unknown underlying root cause

This is Run & Maintain..... activity that require C&RM Process
John Hardesty
ITSM Manager's Certificate (Red Badge)

Change Management is POWER & CONTROL. /....evil laughter
User avatar
Senior Itiler
Senior Itiler
Posts: 55
Joined: Fri Nov 02, 2012 8:00 pm
Location: Singapore

Thu Apr 11, 2013 3:34 am

It should go through Change Management process, Release and Deployment.
Luo, Tian-Hong (Ken)
Regional Operation Lead

ITIL Expert Certified
Post Reply