IT Security and the Service Desk

Information security and the service desk

I will be delivering a webinar on information security and the service desk next week. Here is a sneak preview of what I’m going to talk about. If you want to join us on Wednesday 10th October at 16:00 UK time (17:00 Central Europe, 11 AM US Eastern, 8 AM US Pacific time) then follow this link to register.


What is information security?

The webinar will start with an overview of information security. What’s it all about, what are we trying to protect, what might go wrong? This webinar will help you understand the difference between confidentiality, integrity and availability, and the different types of attack that might impact these.  We’ll share some stories of how attacks have affected other organizations, and help you think about how to avoid suffering the same fate.

I’ll talk to you about how good risk management can help you get the right balance between protecting your assets and enabling people to get on with their work, too much security can be as much of a problem as too little. We’ll also discuss different types of security control and how these can help to protect the confidentiality, integrity, and availability of the information your organization needs to do business. Some controls can help to prevent incidents from occurring, but you also need controls to help you detect incidents when they do occur and to help you correct the situation after you have detected one. Data shows that when an organization suffers a security breach, the average length of time that the attackers remain on the system is about 200 days, if you can detect incidents really fast and correct the situation effectively, then you can massively reduce the impact. I’ll help you think about how to get the balance between these different types of control right.

What is a service desk and how does it contribute to information security?

Just to make sure we all share the same understanding of what a service desk does, I’ll take a few minutes to describe what’s meant by a service desk.  Because a modern service desk is much more than a simple call centre, and there are many different ways in which a service can add value to an organisation


Once we have established a common understanding of information security and service desks, I’ll explain how your service desk can contribute to information security. A service desk that doesn’t contribute to information security may be part of the problem, rather than part of the solution, making security breaches more likely, and resulting in higher impact when breaches do occur. On the other hand, there are many things that a service desk can do that will contribute to preventing security incidents, detecting incidents that couldn’t be prevented, and correcting incidents that have been detected. A great service desk can make a huge difference to how your organization is protected, and thinking about the right precautions for your organisation just might save you from being yet another organization that suffers the embarrassment of a major security breach.


The webinar will conclude with a brief overview of other areas of service management that could contribute to your information security. Organizations with great collaboration between IT service management staff and information security staff are much better placed than those where different parts of the organisation act in isolation.

If you want your service desk to play a valued and valuable role in protecting the information your organization needs to conduct its business, then please join us for the webinar on 10th October.