ITIL Based Service Level Management if SLAs Cover Security

Current level of information technology creates new perspectives for more IT service oriented market. Quality of these services requires slightly different approach then was applied for products including software. No IT services are delivered and supported in risk free environment. Risks would be considered consistently with IT services quality gaps from Service Level Management (SLM) perspective. SLM is one of ITIL modules that are widely used within the IT service industry. We identified some weaknesses in how SLM is developed in ITIL environment if service level agreement (SLA) has cover Security. We argue that in such cases Architecture modeling and risk assessment approach let us effectively control analytical effort that relates to risks identification and understanding. Risk driven countermeasures designed in a next step (Risk treatment) have significant impact to the SLM especially from responsibility perspective. To demonstrate SLM's importance in real practice we analyze SLA synthesize process in CCI (Cyber Critical Infrastructure) environment.