Application of the theory

To better understand this concept of a marriage between IT operations and IT security operations, let's review the following diagram:

Two services/processes are depicted in the diagram: the ITIL Incident Management Process and the Security Incident Management Process. Individually, they are very simple to understand, but what we want to determine is whether one of these processes impacts the other.

Using this as an example of trying to build the communication channels between the two service organizations, we can start by asking some questions:

  • Are there any service level agreements in place between these two entities?
  • Are there any organizational level agreements in place between these two entities?

Whether the answer is yes or no, we would next have to understand the following:

  • At what point does an IT incident become a security incident?
  • At what point does an IT security incident become an IT incident?
  • Are there specific items from an IT incident that the IT security incident response should be concerned with? 
    • What are they?
    • How is this communicated to them?
    • How is this followed up?
    • Where is it documented?
  • Who is responsible for what during this process?
  • Who is accountable for what during this process?
  • Who is supporting during this process?
  • Who is consulted during this process?
  • Who is informed during this process?

Between the managers of the IT incident response and IT security incident response organizations, the goal would be to:

  • Understand the information requirement requests from higher management
  • Understand the strategic relevance of communicating 
  • Develop and establish a collaborative and integrated process
  • Develop and establish SLAs/OLAs 
  • Develop and establish metrics and accountability for handling the incidents