AppSec Knowledge Base

INFORMATION TECHNOLOGY INFRASTRUCTURE LIBRARY

Improving IT security with the Information Technology Infrastructure Library.

The Information Technology Infrastructure Library is a set of documents that details best practices for creating and managing the security of IT infrastructure within an organization. The Information Technology Infrastructure Library is intended to help organizations improve how security measures are implemented and managed. Using a framework of widely recognized security standards, the Information Technology Infrastructure Library enables organizations to prioritize aspects of their infrastructure that should be improved and to avoid security improvements will not affect the business directly. Ultimately, the Information Technology Infrastructure Library can help organizations develop a comprehensive IT program to improve security on many fronts.

Core areas of the Information Technology Infrastructure Library.

The Information Technology Infrastructure Library is published as a series of five core volumes, each covering a different stage of the IT service management lifecycle. These include:

  • Service strategies
  • Service design
  • Service operation
  • Service transition
  • Continual service improvement

Each volume covers processes, procedures, tasks and checklists which can be used by an organization to develop strategy, implement best practices and establish a baseline of security protocols. The Information Technology Infrastructure Library can also be helpful in demonstrating compliance and measuring improvement.

Application security testing and the Information Technology Infrastructure Library.

Leveraging the Information Technology Infrastructure Library, organizations can develop security strategies that go far beyond virus protection and network security firewall technology to put programs in place to defend against a rapidly evolving threat universe.

Application security is one of the most important aspects of security in the Information Technology Infrastructure Library, and Veracode can help to develop programs in this area.

Veracode is a leading provider of application security testing solutions, offering on-demand testing services through a cloud-based platform. With a suite of powerful and easy-to-use technologies, we enable development teams and IT administrators to test software for flaws and vulnerabilities at any point in the SDLC when building microservices, desktop applications, web apps and mobile applications. Our testing services enable developers to find and fix flaws such as SQL injection, cross site scripting, cryptographically insecure storage and many more. 

From guiding developers as code is being written to application and web scanning services for software in development and in production, we make it easy to embed security throughout the SDLC and to implement best practices as defined by the Information Technology Infrastructure Library.

Learn more about the Information Technology Infrastructure Library and Veracode, or visit our AppSec knowledge base for a spoofing definition and answers to questions like “What is DLP?

 

 

contact menu