The Skinny on ITIL

The Information Technology Infrastructure Library (ITIL) is coming to America; early adopters say it's a friendly invasion with security benefits

Post-ITIL, he relates, security is very much a matrix function, relying on people recruited and trained into specific security-oriented positions within ITIL-centered units. Formerly separate functions, such as enterprise network administration and desktop support, now have been folded into the user support services function, with specific people tasked with carrying out the relevant security functions.

"Having these people actually embedded within the organization gives my team much greater visibility into what's actually going onâ¬more so than we could achieve otherwise," says Mathias. "We've seen a significant shift of attitude within the various units: Security is now seen as a business enabler rather than as a bunch of people who just say no."

What's more, the move to an ITIL-centric structure has generated a significant productivity improvement. Immediately following the reorganization, relates Mathias, each unit created a "service catalog" to clarify each organization's roles and responsibilities, and to drive ITIL adoption down one more layer in the company. "There was a lot of overlap and duplication," he says. "In short, we found we could reduce our cost and complexity by putting these people together."

To Mathias, at least, the benefits of ITIL are crystal clear: better governance, better securityâ¬and greater efficiency. And as CISOs across America contemplate following Thomson's lead, it's a useful example to be setting.