The ITSM Practice: Elevating ITSM and IT Security Knowledge

Luigi Ferri
  • 5.0 (1)
  • TECHNOLOGY
  • UPDATED WEEKLY

Join Luigi Ferri, an experienced ITSM & IT Security Professional, in 'The ITSM Practice.' Explore IT Service Management and IT Security, uncovering innovations and best practices with insights from leading organizations like Volkswagen Financial Services, Vodafone, and more. Each episode offers practical guides and expert discussions for learning and growth. Ideal for all ITSM and IT Security Professionals! Stay Connected: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Youtube: https://www.youtube.com/@theitsmpractice Website: http://www.theitsmpractice.com

  1. MAR 10

    ITIL 5, SCF and the Compliance Illusion

    In this episode of the ITSM Practice Podcast, Luigi Ferri challenges the illusion of security frameworks and compliance culture. Exploring the Secure Controls Framework (SCF), ISO, NIST and ITIL 5, he exposes governance immaturity, framework sprawl and risk misalignment. A sharp reflection on cybersecurity governance, enterprise risk management and why compliance without thinking weakens leadership. In this episode, we answer to: Is compliance replacing real risk-based security governance? Why do organizations accumulate ISO, NIST and SCF instead of clarifying risk ownership? How does ITIL 5 transform control frameworks into accountable governance? Resources Mentioned in this Episode: Compliance Forge website, article "The Secure Controls Framework (SCF) Is The Common Controls Framework (CCF)", link https://complianceforge.com/scf/what-is-the-scf/ Secure Controls Framework website, article "The SCF Makes Compliance A Natural Byproduct of Secure Practices", link https://securecontrolsframework.com/what-is-the-scf/ Secure Controls Framework on GitHub, article "The Secure Controls Framework (SCF) is a meta-framework (framework of frameworks) that maps to over 100 cybersecurity and privacy-related laws, regulations and industry frameworks", link https://github.com/securecontrolsframework/securecontrolsframework Secure Controls Framework website, article "Security, Compliance & Resilience (SCR) Principles", link https://securecontrolsframework.com/domains-principles/ Secure Controls Framework website, article "Secure, Compliant & Resilient Capability Maturity Model (SCR-CMM)", link https://securecontrolsframework.com/free/capability-maturity-model/ Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

    9 min

  2. MAR 3

    ITIL 5 for CIOs: Governing AI-Driven Digital Systems at Scale

    ITIL 5 marks a decisive shift in IT Service Management. Moving beyond ITIL 4, it reframes services as AI-enabled digital product–service systems governed through data-driven decision models. This episode explores governance, accountability, CIO and CISO implications, and why ITIL 5 transforms service management into system leadership in an AI-native world. In this episode, we answer to: How does ITIL 5 redefine IT Service Management in an AI-native environment? What changes from ITIL 4 to ITIL 5 in governance, digital products, and value streams? What does ITIL 5 mean for CIOs and CISOs managing AI-driven digital services? Resources Mentioned in this Episode: ITIL Training Academy website, article "ITIL® (Version 5): Everything New in ITIL Latest Version", link https://www.itil.org.uk/blog/itil-version-5-a-complete-guide ServiceNow website, article "Understanding ITIL 5: What’s New and How It Builds on ITIL 4", link https://www.servicenow.com/community/virtual-agent-forum/understanding-itil-5-what-s-new-and-how-it-builds-on-itil-4/m-p/3478594 Novelvista website, article "ITIL 4 vs ITIL (Version 5): What’s New, Changed, and Refined?", link https://www.novelvista.com/blogs/it-service-management/itil4-vs-itil5 PeopleCert website, article "ITIL Foundation (Version 5)", link https://www.peoplecert.org/browse-certifications/it-governance-and-service-management/ITIL-1/itil-5-foundation-version-50-4154 Tarun Dewat, LinkedIn post "ITIL 5 has officially arrived, and it’s one of the most transformative updates the IT service management world has seen in years", link https://www.linkedin.com/posts/tarun-dewat-699818222_itil-5-has-officially-arrived-and-its-one-activity-7422705091654275073-6AxT ageeogee user on Reddit, post "Will ITIL 5 look more like 3 or 4?", link https://www.reddit.com/r/ITIL/comments/1l4bak8/will_itil_5_look_more_like_3_or_4/ Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

    9 min

  3. FEB 24

    Why IT Maturity Is the Hidden Risk in IT Carve-Outs

    In this episode of The ITSM Practice Podcast, Luigi Ferri explains why IT maturity is the decisive factor in successful IT carve-outs. From dependency mapping to ITIL v3 governance and continuity stress testing, the episode shows how disciplined IT Service Management prevents disruption, cost overruns, and failed separations during complex enterprise transitions. In this episode, we answer to: Where is the real boundary between what IT owns and what a carved-out unit must take? What breaks first when a shared IT service disappears during a carve-out? Why does IT governance need to come before architecture and migration design? Resources Mentioned in this Episode: AvenDATA website, article "What is a carve-out and why is it important?", link https://avendata.com/blog/what-is-a-carve-out-and-why-does-it-matter Umbrex website, article "Stakeholder Alignment and Governance", https://umbrex.com/resources/carve-out-playbook/stakeholder-alignment-and-governance/ Invgate website, article "The most flexible no-code ITSM solution", link https://invgate.com/itsm/itil/itil-service-lifecycle Rezolve AI website, article "ITIL v3: Framework & Best Practices", link https://www.rezolve.ai/blog/itil-v3-framework-best-practices Alloy Software website, article "5 Stages of the ITIL Service Lifecycle: A Simple Guide to Better IT Service Management", link https://www.alloysoftware.com/blog/itil-lifecycle/ Eurostep website, article "Data carve-out best practices: Insights into streamlining data separation for business units", link https://www.eurostep.com/data-carve-out-best-practices-insights-into-streamlining-data-separation-for-business-units/ Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

    8 min

  4. FEB 17

    Why ITIL 4 Is Critical for HITRUST Success

    HITRUST certification is not a shortcut to trust. In this episode of The ITSM Practice Podcast, Luigi Ferri explains why real success with HITRUST depends on operational maturity, disciplined processes, and ITIL 4 practices. Learn how process consistency, evidence, and repeatability are the true foundations of sustainable compliance and security. In this episode, we answer to: Why do many mid-size organizations fail HITRUST despite strong technical controls? How do ITIL 4 practices enable sustainable HITRUST certification? Which process maturity gaps block HITRUST readiness the most? Resources Mentioned in this Episode: HITRUST Alliance website, article "HITRUST CSF Framework overview", link https://hitrustalliance.net/hitrust-framework HITRUST Alliance website, article "HITRUST CSF Control Maturity Evaluation Guide", link https://hitrustalliance.net/hubfs/Download%20Center%20%2B%20Partner%20Content/Evaluating-Control-Maturity-Using-the-HITRUST-Approach.pdf Schneider Downs website, article "Complete Guide to HITRUST Certification", link https://schneiderdowns.com/guide-to-hitrust-certification/ Tevora website, article "HITRUST Certification Top Strategies for Effective Evidence Collection", link https://www.tevora.com/resource/hitrust-certification-top-strategies-for-effective-evidence-collection/ Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

    8 min

  5. FEB 10

    FISMA in the Cloud: What Midsize Security Teams Need to Know

    In this episode of The ITSM Practice Podcast, we explore what FISMA really means for midsize, cloud-native security teams. Using real-world scenarios, we explain why FISMA was built for federal systems, where it clashes with cloud responsibility models, and how a risk-based adoption strengthens governance without falling into compliance theatre. In this episode, we answer to: Do FISMA controls apply to cloud-native and SaaS-based environments? How can midsize companies use FISMA without full federal-style compliance? Why is risk-based adoption more effective than checklist compliance in the cloud? Resources Mentioned in this Episode: CISA website, Federal Information Security Modernization Act page, link https://www.cisa.gov/topics/cyber-threats-and-advisories/federal-information-security-modernization-act NIST website, NIST Special Publication 800-53, link https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf Secureframe website, article "FISMA Compliance: What It Is and How to Achieve It", link https://secureframe.com/hub/nist-800-53/fisma-compliance Security Compass website, article "ISO 27001 vs NIST 800-53", link https://www.securitycompass.com/blog/iso-27001-vs-nist-800-53/ Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

    8 min

  6. FEB 3

    ISO 27001 & ISO 42001: Governing AI Risk

    As AI expands the security perimeter, CISOs face new questions about data, trust, and accountability. This episode explains how combining ISO/IEC 27001 and ISO/IEC 42001 creates a unified governance engine for information security and AI governance. Learn how mid-size organizations can turn AI risk, transparency, and compliance into a strategic advantage. In this episode, we answer to: How does AI change the traditional security perimeter defined by ISO 27001? Why is ISO 42001 essential to govern AI risk, fairness, and explainability? How can CISOs clearly explain to customers where AI uses and sends their data? Resources Mentioned in this Episode: De.iterate website, article "ISO 42001 Certification: Benefits, Challenges, and Real-World Applications", link https://deiterate.com/2025/02/26/iso-42001-certification-benefits-challenges-and-real-world-applications/ Cherry Bekaert website, article "ISO 42001 vs. ISO 27001: Data Protection for Scaling Your Professional Services Firm", link https://www.cbh.com/insights/articles/data-protection-for-professional-services-firms/ Mitratech website, article "ISO 42001 & AI Risk: Strengthen Third-Party Compliance", link https://mitratech.com/resource-hub/blog/iso-42001-ai-risk-strengthen-third-party-compliance/ Walter Haydock blog, article "How we implement ISO 42001 control A.10.3 and help clients do the same to manage AI vendor risk", link https://blog.stackaware.com/p/iso-42001-annex-a-control-10-3-supplier-risk-management Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

    9 min

  7. JAN 27

    Payment Security by Design with PCI P2PE

    In this episode of The ITSM Practice Podcast, Luigi Ferri explains why PCI P2PE is not just encryption but a security-by-design discipline. Learn how point-to-point encryption eliminates clear-text card data, reduces breach impact, simplifies PCI compliance, and integrates with ITIL governance to protect trust from the first millisecond of payment. In this episode, we answer to: What is PCI P2PE and why is it critical for modern payment security and PCI DSS compliance? How does P2PE reduce breach exposure and change merchant compliance obligations? Why are governance, the PIM, and ITIL practices essential to keeping P2PE effective over time? Resources Mentioned in this Episode: PCI website, white paper "P2PE At a Glance", link https://www.pcisecuritystandards.org/documents/P2PE_At_a_Glance_v3.pdf PCI website, white paper "Point-to-Point Encryption", link https://www.pci-dss.gr/media/1934/p2pe_hybrid_v111.pdf Payway website, article "Protect Cardholder Data with P2PE", link https://www.payway.com/blog/how-to-keep-yourself-out-of-the-news-with-p2pe Bluefin website, article "What is Point-to-Point Encryption (P2PE)?", link https://www.bluefin.com/payment-security/pci-p2pe-faq/ Ingenico website, article "3 Things to Know About P2PE v3.0", link https://ingenico.com/de/node/818 Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

    10 min

  8. JAN 20

    ITIL v3 as the Backbone of eSIM Security

    In this episode of The ITSM Practice Podcast, Luigi Ferri explains how ITIL v3 processes enable compliance with GSMA SAS-SM for secure eSIM provisioning. Discover how governance, service design, change, and continual improvement turn security from theory into an auditable, operational discipline in modern telecom environments. In this episode, we answer to: How can ITIL v3 processes support GSMA SAS-SM certification for eSIM management? What operational evidence is required to prove secure remote SIM provisioning? How do governance and continual improvement help maintain long-term SAS-SM compliance? Resources Mentioned in this Episode: GSMA website, article "Security Accreditation Scheme (SAS)", link https://www.gsma.com/solutions-and-impact/industry-services/assurance-services/security-accreditation-scheme-sas/ GSMA website, article "eSIM Compliance", link https://www.gsma.com/solutions-and-impact/technologies/esim/compliance/ IT Process Maps website, article "IT Security Management", link https://wiki.en.it-processmaps.com/index.php/IT_Security_Management? Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

    12 min
See All (137)

About

Join Luigi Ferri, an experienced ITSM & IT Security Professional, in 'The ITSM Practice.' Explore IT Service Management and IT Security, uncovering innovations and best practices with insights from leading organizations like Volkswagen Financial Services, Vodafone, and more. Each episode offers practical guides and expert discussions for learning and growth. Ideal for all ITSM and IT Security Professionals! Stay Connected: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Youtube: https://www.youtube.com/@theitsmpractice Website: http://www.theitsmpractice.com

Information

You Might Also Like