Virima V6.0 will soon be available with an all-new look, enhanced discovery, mapping and vulnerability features and more. Stay tuned!

Integrating SecOps With Your ITSM: How to Get Started (Part 2)

ITSM & SecOps is a main focus when in control room as its activity is fundamental next to ops

IT Service Management (ITSM) and Security Operations (SecOps) are equally critical to survival and success at many businesses. The need to bring them closer together and how best to accomplish that goal were among the topics discussed in a recent webinar hosted by Virima.

The featured presenters were Taylor Lehman and Mike Bombard. Taylor is Chief Information Security Officer for Wellforce (a partnership of Tufts Medical Center and Floating Hospital for Children), MelroseWakefield Healthcare, and Circle Health in Massachusetts. Mike Bombard is Virima’s Chief Operating Officer.

The first part of this two-part post discussed why ITSM and SecOps must come together, the drivers for their evolution, and some useful first steps toward their convergence. This time out, specific challenges to enablers of ITSM-SecOps convergence, and next steps you can take to bring them together at your business.

ITSM-SecOps Convergence: Challenges

Every IT and business initiative faces multiple challenges. Bringing ITSM and SecOps together is no exception. Broadly, the most significant of these challenges fall into three categories: organizational, technological, and cultural. 

Below are just some of the challenges your business is likely to face when trying to bring ITSM and SecOps together.

Organizational Challenges

  • Do we have the required workforce? 
  • Are they assigned to adequate roles? 
  • How do we eliminate silos of information?

ITSM-SecOps Convergence: Technological Challenges

  • Do we have contingencies in place?
  • Can we procure what is required and unavailable?
  • Do we have the skills to achieve our objectives? 

Cultural Challenges

  • Does our leadership understand why this is important for business?
  • Do we have the right framework and processes in place to see it to success?
  • Can we bridge the cultural gaps to ensure a smooth integration journey?

ITSM-SecOps Convergence: Enablers

Enablers of ITSM-SecOps Convergence can generally be grouped into the same categories as the challenges outlined above.

Organizational Enablers

  • Leadership buy-in
  • Adequate budget
  • Clear goals and solid plans

ITSM-SecOps Convergence: Technological Enablers

  • A business-aligned service catalogue
  • A comprehensive, flexible, CMDB
  • Process-driven automation
  • Actionable, role-specific reporting

 Cultural Enablers

  • Regular cross-functional team meetings
  • Well-defined, well-documented, well-enforced business processes
  • Acknowledgement, recognition, and rewards


ITSM-SecOps: Next Steps

Once you have crafted a strategy and a plan for ITSM-SecOps convergence, you must take the first steps described in Part 1 of this post. You must know your environment, optimize your skills, get executive support, and engage your stakeholders regularly.

After you complete those first steps successfully, it’s time to shift your focus from high-level strategy to specific tactics. Your specific actions may vary in execution, but each project must at least address the steps outlined below.


Identify a Promising Opportunity 

Pick a specific business challenge or opportunity that a better convergence of ITSM and SecOps can help to address.

Devise a Specific Project Plan 

Ensure that the tactics and outcomes delineated in the project plan align with both business goals and the larger aims of your plan for ITSM-SecOps convergence.

Engage Your Teams 

Identify and get the commitment of the people you need to succeed, and ensure they are kept informed of everything they need to know as the project proceeds.

Pursue The Plan 

Make sure it includes regular check-in opportunities and frequent communication, to keep everyone on schedule and to identify and address challenges as quickly as possible.

Distill and Disseminate the Results

Whether reality conforms to plan or deviates from it, make sure the key points of the effort and its results are shared with all stakeholders.

Capture and Store All Relevant Data 

What you learn and experience must inform future ITSM-SecOps convergence efforts. If you don’t have an appropriate repository and supporting processes, use your first ITSM-SecOps convergence project as a spur to create them.

In many cases, that repository should be a configuration management database or CMDB. To maximize your ability to capture all relevant data, ensure that you implement comprehensive, automated IT discovery across your entire IT estate. You also need consistent, reliable automated updating of your CMDB.

(See, “A CMDB without Discovery is just a database”)

These crucial automation steps will help guarantee that your IT and SecOps teams have accurate, complete, and timely information to work from when pursuing ITSM-SecOps convergence.

The webinar includes great discussion and additional observations you will find valuable as you consider and pursue ITSM-SecOps convergence at your business. You can listen to or download the complete webinar here.

Virima features can automatically discover and map your critical IT resources and the interconnections that link them to one another, your applications and services, and your users.

Virima is here to help. To get started, contact us today to schedule a demo and explore the possibilities!

Subscribe to Our Newsletter

More to Explore

Table of contentsWhat is CMDB, and why is it important for your cloud initiatives?CMDBs and change managementCMDBs and incident managementCMDBs and problem managementCompliance reporting made easy with CMDBsImpact analysis with CMDBs and cloud assetsMake better, fact-based decisions with Virima for…

Table of contentsHow does asset discovery work?What types of IT assets can you discover?NetworksServersPCs, laptops, and mobile devicesBenefits of IT asset discoveryLess time spent on cataloging IT assetsBetter and detailed IT reportsStreamlined IT asset acquisitionEnsuring compliance with security policies A single…

Table of contentsWhy stakeholder communications are importantHow to prepare for incident communicationIncident management best practicesCommunication plan High-quality major incident management communication plan Using visualizations in stakeholder communicationsIncident mitigation with visualizations Virima can help you with incident management Incidents are a part of business,…

Table of contentsAsset managementTracking and labeling assets’ locations and states through an asset register Tracking and managing software licenses Managing end-user devicesKeeping tabs and handling decommissioned assetsConfiguration managementIdentifying configuration items in the CMS Controlling  and managing all changes made to assets Understanding impact on…

Some people think that an IT service desk is the same thing as an IT help desk. It isn’t and we’re  going to explain the difference between service desk and help desk. Sure, there are some similarities, but there are…

Table of contentsA CMDB tool can maintain all other tools What is CMDB in ServiceNow?What are ServiceNow CMDB best practices?A few ServiceNow CMDB best practices include:Defining your goalsForming a configuration management teamEstablishing a governance structureUnderstanding configuration item designIntegrating with key business…

Table of contentsStep 1. Determine business objectivesStep 2. CMDB discovery toolsStep 3. ITSM system integrationStep 4. Equip data owners/data stewards with the right toolsStep 5. Data management and retention planStep 6. CMDB: data visualizationLearn more about these steps by watching…

Incident management is crucial while dealing with major incidents. They are the crises that have widespread impacts on your employees, disrupt your operations, and impact your ability to deliver on customer expectations.  While you may assume your company is prepared…

Table of contentsUnderstanding business service mappingA modern approach to business service dependency mappingDiscovery planning processUse casesVirima simplifies service mapping and IT discovery Business service mapping is the area of configuration management that perplexes so many IT professionals. Yet, it provides…

Understanding the Configuration Management Database (CMDB) and its core functions is a critical aspect of service management. The CMDB forms the hub of numerous service management practices and provides a means of correlation needed to deliver business services successfully.   The…

IT asset management (ITAM) and inventory management are both useful practices that can benefit any organization using IT. Inventory management can exist without IT asset management, and in fact, it does in many organizations as it has been in existence…