The ITSM Practice: Elevating ITSM and IT Security Knowledge

Luigi Ferri
  • 5,0 (1)
  • ТЕХНОЛОГИИ
  • ЕЖЕНЕДЕЛЬНО

Join Luigi Ferri, an experienced ITSM & IT Security Professional, in 'The ITSM Practice.' Explore IT Service Management and IT Security, uncovering innovations and best practices with insights from leading organizations like Volkswagen Financial Services, Vodafone, and more. Each episode offers practical guides and expert discussions for learning and growth. Ideal for all ITSM and IT Security Professionals! Stay Connected: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Youtube: https://www.youtube.com/@theitsmpractice Website: http://www.theitsmpractice.com

  1. -3 ДН.

    FISMA in the Cloud: What Midsize Security Teams Need to Know

    In this episode of The ITSM Practice Podcast, we explore what FISMA really means for midsize, cloud-native security teams. Using real-world scenarios, we explain why FISMA was built for federal systems, where it clashes with cloud responsibility models, and how a risk-based adoption strengthens governance without falling into compliance theatre. In this episode, we answer to: Do FISMA controls apply to cloud-native and SaaS-based environments? How can midsize companies use FISMA without full federal-style compliance? Why is risk-based adoption more effective than checklist compliance in the cloud? Resources Mentioned in this Episode: CISA website, Federal Information Security Modernization Act page, link https://www.cisa.gov/topics/cyber-threats-and-advisories/federal-information-security-modernization-act NIST website, NIST Special Publication 800-53, link https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf Secureframe website, article "FISMA Compliance: What It Is and How to Achieve It", link https://secureframe.com/hub/nist-800-53/fisma-compliance Security Compass website, article "ISO 27001 vs NIST 800-53", link https://www.securitycompass.com/blog/iso-27001-vs-nist-800-53/ Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

    8 мин.

  2. 3 ФЕВР.

    ISO 27001 & ISO 42001: Governing AI Risk

    As AI expands the security perimeter, CISOs face new questions about data, trust, and accountability. This episode explains how combining ISO/IEC 27001 and ISO/IEC 42001 creates a unified governance engine for information security and AI governance. Learn how mid-size organizations can turn AI risk, transparency, and compliance into a strategic advantage. In this episode, we answer to: How does AI change the traditional security perimeter defined by ISO 27001? Why is ISO 42001 essential to govern AI risk, fairness, and explainability? How can CISOs clearly explain to customers where AI uses and sends their data? Resources Mentioned in this Episode: De.iterate website, article "ISO 42001 Certification: Benefits, Challenges, and Real-World Applications", link https://deiterate.com/2025/02/26/iso-42001-certification-benefits-challenges-and-real-world-applications/ Cherry Bekaert website, article "ISO 42001 vs. ISO 27001: Data Protection for Scaling Your Professional Services Firm", link https://www.cbh.com/insights/articles/data-protection-for-professional-services-firms/ Mitratech website, article "ISO 42001 & AI Risk: Strengthen Third-Party Compliance", link https://mitratech.com/resource-hub/blog/iso-42001-ai-risk-strengthen-third-party-compliance/ Walter Haydock blog, article "How we implement ISO 42001 control A.10.3 and help clients do the same to manage AI vendor risk", link https://blog.stackaware.com/p/iso-42001-annex-a-control-10-3-supplier-risk-management Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

    9 мин.

  3. 27 ЯНВ.

    Payment Security by Design with PCI P2PE

    In this episode of The ITSM Practice Podcast, Luigi Ferri explains why PCI P2PE is not just encryption but a security-by-design discipline. Learn how point-to-point encryption eliminates clear-text card data, reduces breach impact, simplifies PCI compliance, and integrates with ITIL governance to protect trust from the first millisecond of payment. In this episode, we answer to: What is PCI P2PE and why is it critical for modern payment security and PCI DSS compliance? How does P2PE reduce breach exposure and change merchant compliance obligations? Why are governance, the PIM, and ITIL practices essential to keeping P2PE effective over time? Resources Mentioned in this Episode: PCI website, white paper "P2PE At a Glance", link https://www.pcisecuritystandards.org/documents/P2PE_At_a_Glance_v3.pdf PCI website, white paper "Point-to-Point Encryption", link https://www.pci-dss.gr/media/1934/p2pe_hybrid_v111.pdf Payway website, article "Protect Cardholder Data with P2PE", link https://www.payway.com/blog/how-to-keep-yourself-out-of-the-news-with-p2pe Bluefin website, article "What is Point-to-Point Encryption (P2PE)?", link https://www.bluefin.com/payment-security/pci-p2pe-faq/ Ingenico website, article "3 Things to Know About P2PE v3.0", link https://ingenico.com/de/node/818 Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

    10 мин.

  4. 20 ЯНВ.

    ITIL v3 as the Backbone of eSIM Security

    In this episode of The ITSM Practice Podcast, Luigi Ferri explains how ITIL v3 processes enable compliance with GSMA SAS-SM for secure eSIM provisioning. Discover how governance, service design, change, and continual improvement turn security from theory into an auditable, operational discipline in modern telecom environments. In this episode, we answer to: How can ITIL v3 processes support GSMA SAS-SM certification for eSIM management? What operational evidence is required to prove secure remote SIM provisioning? How do governance and continual improvement help maintain long-term SAS-SM compliance? Resources Mentioned in this Episode: GSMA website, article "Security Accreditation Scheme (SAS)", link https://www.gsma.com/solutions-and-impact/industry-services/assurance-services/security-accreditation-scheme-sas/ GSMA website, article "eSIM Compliance", link https://www.gsma.com/solutions-and-impact/technologies/esim/compliance/ IT Process Maps website, article "IT Security Management", link https://wiki.en.it-processmaps.com/index.php/IT_Security_Management? Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

    12 мин.

  5. 13 ЯНВ.

    Why Mature ITSM Programs Fail?

    Why do mature ITSM programs still fail? This episode explores the hidden risks behind ITSM stagnation, loss of executive sponsorship, outdated KPIs, rigid processes, and misaligned culture. Learn how to sustain ITSM maturity through continual improvement, business-aligned metrics, leadership engagement, and evolution in the age of automation and AI. In this episode, we answer to: Why do mature ITSM programs fail despite successful ITIL adoption? How does loss of executive sponsorship undermine IT Service Management sustainability? How can ITSM processes and KPIs evolve to support automation, AI, and business agility? Resources Mentioned in this Episode: Keith D. Sutherland, Lawrence J. "Butch" Sheets, book "A Practical Guide to Service Management: Insights from industry experts for uncovering, implementing, and improving service management practices", link https://www.amazon.de/-/en/Keith-D-Sutherland/dp/1804612502 TOPdesk website, article "5 ITSM implementation pitfalls to avoid", link https://www.topdesk.com/en/blog/itsm-implementation-pitfalls/ Sunrise website, article "Why ITSM implementations often fail?", link https://www.sunrisesoftware.com/blog/why-itsm-implementations-often-fail ITSM Tools website, article "10 Common ITSM Mistakes and How to Avoid Them", link https://itsm.tools/10-common-itsm-mistakes-and-how-to-avoid-them/ Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

    9 мин.

  6. 6 ЯНВ.

    From Readiness to Action: Building Your AI Roadmap

    In this episode of The ITSM Practice Podcast, Luigi Ferri moves from AI theory to execution, explaining how medium-sized organizations can define AI use cases, assess data and infrastructure, build skills, and scale pilot projects. The focus is on creating a practical AI roadmap for IT Service Management with measurable, sustainable outcomes. In this episode, we answer to: How can organizations identify the right AI use cases for IT Service Management? What data, infrastructure, and skills are required to scale AI initiatives successfully? How can IT leaders manage risks while building a realistic AI roadmap? Resources Mentioned in this Episode: How to Assess AI Readiness for Service Delivery, link https://theitsmpractice.gumroad.com/l/HowtoAssessAIReadinessforServiceDelivery KPMG website, article "AI Governance: Factors for Success", link https://kpmg.com/de/en/home/insights/2025/04/ki-governance-these-are-the-factors-for-success.html IBM website, article "What is AI governance?", link https://www.ibm.com/think/topics/ai-governance Deepchecks website, article "Understanding the AI Maturity Model: Advancing Your Organization’s AI Capabilities", link https://www.deepchecks.com/understanding-the-ai-maturity-model-advancing-your-organizations-ai-capabilities/ Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

    9 мин.

  7. 30.12.2025

    Are We Really Ready for AI?

    In this episode of The ITSM Practice Podcast, Luigi Ferri explores AI readiness for service desks and ITSM in medium-sized organizations. Going beyond tools and automation, the discussion focuses on leadership, governance, culture, and skills needed to adopt and scale AI responsibly and align AI initiatives with real business value. In this episode, we answer to: Are medium-sized organizations really ready for AI in ITSM and service delivery? What does AI readiness mean beyond automation and technology? How can leaders assess governance, skills, and culture before adopting AI? Resources Mentioned in this Episode: How to Assess AI Readiness for Service Delivery, link https://theitsmpractice.gumroad.com/l/HowtoAssessAIReadinessforServiceDelivery IMD website, article "AI Maturity Index", link https://www.imd.org/artificial-intelligence-maturity-index/ Boston Consulting Group website, article "When Companies Struggle to Adopt AI, CEOs Must Step Up", link https://www.bcg.com/publications/2025/when-companies-struggle-to-adopt-ai-ceos-must-step-up Cloud Security Alliance website, article "A Guide On How AI Pilot Programs are Shaping Enterprise Adoption", link https://cloudsecurityalliance.org/blog/2025/03/28/a-guide-on-how-ai-pilot-programs-are-shaping-enterprise-adoption Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

    11 мин.

  8. 23.12.2025

    How to Build a GRC Framework for Fintech Startups

    Learn how to build a solid GRC foundation for fintech growth in the EU. We break down governance, risk management, and compliance essentials to help startups scale, earn investor trust, and meet PSD2, GDPR, DORA, MiCA, AML expectations from day one. In this episode, we answer to: How do you set up an effective GRC framework for a fintech startup in the EU? Why must European fintechs prioritize compliance, risk, and governance early to scale safely? What roles, processes, and oversight are essential to meet PSD2, GDPR, DORA, AML requirements? Resources Mentioned in this Episode: European Central Bank (ECB) website, article "The PSD2 supports innovation and competition in retail payments … and enhances the security of payment transactions and the protection of consumer data.", link https://www.ecb.europa.eu/press/intro/mip-online/2018/html/1803_revisedpsd.en.html? Deloitte website, article "The Revised Payment Services Directive (PSD2)", link https://www.deloitte.com/lu/en/Industries/banking-capital-markets/research/psd2-revised-payment-services-directive.html? European Parliament website, article "GDPR: Overview of the EU General Data Protection Regulation", link https://europa.eu/youreurope/business/dealing-with-customers/data-protection/data-protection-gdpr/index_en.htm?utm_source=chatgpt.com German BaFin website, article "Prevention of money laundering and terrorist financing", link https://www.bafin.de/EN/Aufsicht/Geldwaeschepraevention/geldwaeschepraevention_node_en.html? ESMA website, article "Official summary from authoritative EU sources: Digital Operational Resilience Act (DORA)", link https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/digital-operational-resilience-act-dora? ESMA website, article "Official overview by the European Securities and Markets Authority (ESMA): Markets in Crypto-Assets Regulation (MiCA)", link https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/markets-crypto-assets-regulation-mica?utm_source=chatgpt.com Connect with me on: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Website: http://www.theitsmpractice.com And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security. Credits: Sound engineering by Alan Southgate - http://alsouthgate.co.uk/ Graphics by Yulia Kolodyazhnaya

    10 мин.
См. все (133)

Об этом подкасте

Join Luigi Ferri, an experienced ITSM & IT Security Professional, in 'The ITSM Practice.' Explore IT Service Management and IT Security, uncovering innovations and best practices with insights from leading organizations like Volkswagen Financial Services, Vodafone, and more. Each episode offers practical guides and expert discussions for learning and growth. Ideal for all ITSM and IT Security Professionals! Stay Connected: LinkedIn: https://www.linkedin.com/in/theitsmpractice/ Youtube: https://www.youtube.com/@theitsmpractice Website: http://www.theitsmpractice.com

Информация