ITIL (IT Infrastructure Library) provides a framework for IT service management (here). Organizations moving from reactive element and operations management toward service management and business alignment, in their quest to mature IT, often leverage ITIL principles and concepts. Although there has been tremendous demand for ITIL in the security space, there has been a lack of guidance for security management. Most organizations that look to frameworks, guidelines or best practices typically use ISO 17799/ISO 27001, NIST SP 800-53 (government), COBIT, or COSO and try to map these to other IT domains.
Version 3 of the ITIL framework will be released in the spring, and according to an article in Computerworld it will include a greater emphasis on security management (here). This is more evidence of the maturation and evolution of security, its convergence with operations, and the need for the business to embrace security as a critical function of the business (here), (here), and (here). I have not seen the modifications but will review them shortly; it is a good thing when security is elevated as part of IT best practices, though of course they have to actually execute it properly.