ITIL 5, SCF and the Compliance Illusion episode artwork

EPISODE · Mar 10, 2026 · 8 MIN

ITIL 5, SCF and the Compliance Illusion

from The ITSM Practice: Elevating ITSM and IT Security Knowledge · host Luigi Ferri

In this episode of the ITSM Practice Podcast, Luigi Ferri challenges the illusion of security frameworks and compliance culture. Exploring the Secure Controls Framework (SCF), ISO, NIST and ITIL 5, he exposes governance immaturity, framework sprawl and risk misalignment. A sharp reflection on cybersecurity governance, enterprise risk management and why compliance without thinking weakens leadership.In this episode, we answer to:Is compliance replacing real risk-based security governance?Why do organizations accumulate ISO, NIST and SCF instead of clarifying risk ownership?How does ITIL 5 transform control frameworks into accountable governance?Resources Mentioned in this Episode:Compliance Forge website, article "The Secure Controls Framework (SCF) Is The Common Controls Framework (CCF)", link https://complianceforge.com/scf/what-is-the-scf/ Secure Controls Framework website, article "The SCF Makes Compliance A Natural Byproduct of Secure Practices", link https://securecontrolsframework.com/what-is-the-scf/ Secure Controls Framework on GitHub, article "The Secure Controls Framework (SCF) is a meta-framework (framework of frameworks) that maps to over 100 cybersecurity and privacy-related laws, regulations and industry frameworks", link https://github.com/securecontrolsframework/securecontrolsframework Secure Controls Framework website, article "Security, Compliance & Resilience (SCR) Principles", link https://securecontrolsframework.com/domains-principles/ Secure Controls Framework website, article "Secure, Compliant & Resilient Capability Maturity Model (SCR-CMM)", link https://securecontrolsframework.com/free/capability-maturity-model/ Connect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya

In this episode of the ITSM Practice Podcast, Luigi Ferri challenges the illusion of security frameworks and compliance culture. Exploring the Secure Controls Framework (SCF), ISO, NIST and ITIL 5, he exposes governance immaturity, framework sprawl and risk misalignment. A sharp reflection on cybersecurity governance, enterprise risk management and why compliance without thinking weakens leadership.In this episode, we answer to:Is compliance replacing real risk-based security governance?Why do organizations accumulate ISO, NIST and SCF instead of clarifying risk ownership?How does ITIL 5 transform control frameworks into accountable governance?Resources Mentioned in this Episode:Compliance Forge website, article "The Secure Controls Framework (SCF) Is The Common Controls Framework (CCF)", link https://complianceforge.com/scf/what-is-the-scf/ Secure Controls Framework website, article "The SCF Makes Compliance A Natural Byproduct of Secure Practices", link https://securecontrolsframework.com/what-is-the-scf/ Secure Controls Framework on GitHub, article "The Secure Controls Framework (SCF) is a meta-framework (framework of frameworks) that maps to over 100 cybersecurity and privacy-related laws, regulations and industry frameworks", link https://github.com/securecontrolsframework/securecontrolsframework Secure Controls Framework website, article "Security, Compliance & Resilience (SCR) Principles", link https://securecontrolsframework.com/domains-principles/ Secure Controls Framework website, article "Secure, Compliant & Resilient Capability Maturity Model (SCR-CMM)", link https://securecontrolsframework.com/free/capability-maturity-model/ Connect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya

NOW PLAYING

ITIL 5, SCF and the Compliance Illusion

0:00 8:49

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of The ITSM Practice: Elevating ITSM and IT Security Knowledge?

This episode is 8 minutes long.

When was this The ITSM Practice: Elevating ITSM and IT Security Knowledge episode published?

This episode was published on March 10, 2026.

What is this episode about?

In this episode of the ITSM Practice Podcast, Luigi Ferri challenges the illusion of security frameworks and compliance culture. Exploring the Secure Controls Framework (SCF), ISO, NIST and ITIL 5, he exposes governance immaturity, framework sprawl...

Can I download this The ITSM Practice: Elevating ITSM and IT Security Knowledge episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!