
ITIL 5, SCF and the Compliance Illusion
From The ITSM Practice: Elevating ITSM and IT Security Knowledge by Luigi Ferri
March 10, 2026 · 9 min · Season 3 · Episode 2
About this episode
Luigi Ferri challenges the illusion of security frameworks and compliance culture while exploring governance immaturity and risk misalignment.
In this episode of the ITSM Practice Podcast, Luigi Ferri challenges the illusion of security frameworks and compliance culture. Exploring the Secure Controls Framework (SCF), ISO, NIST and ITIL 5, he exposes governance immaturity, framework sprawl and risk misalignment. A sharp reflection on cybersecurity governance, enterprise risk management and why compliance without thinking weakens leadership. In this episode, we answer to: Is compliance replacing real risk-based security governance? Why do organizations accumulate ISO, NIST and SCF instead of clarifying risk ownership? How does ITIL 5 transform control frameworks into accountable governance? Resources Mentioned in this Episode: Compliance Forge website, article "The Secure Controls Framework (SCF) Is The Common Controls Framework (CCF)", link https://complianceforge.com/scf/what-is-the-scf/ Secure Controls Framework website, article "The SCF Makes Compliance A Natural Byproduct of Secure Practices", link https://securecontrolsframework.com/what-is-the-scf/ Secure Controls Framework on GitHub, article "The Secure Controls Framework (SCF) is a meta-framework (framework of frameworks) that maps to…
People in this episode
Host: Luigi Ferri
Topics covered
- security frameworks
- compliance culture
- cybersecurity governance
- enterprise risk management
- ITIL 5
- risk ownership
Keywords
- security frameworks
- compliance
- ITIL 5
- cybersecurity
- risk management
- governance
- ISO
- NIST
- Secure Controls Framework
Mentioned in this episode
Organizations: ISO, NIST, ITIL 5, Compliance Forge, Secure Controls Framework, GitHub
More episodes of The ITSM Practice: Elevating ITSM and IT Security Knowledge
- What DoDAF Can Teach Leaders About Architecture and Complexity · June 9, 2026 · 11 min
- Identity Is the New Perimeter · June 2, 2026 · 10 min
- FINMA and ITIL 4: Building Resilient Swiss Banks · May 26, 2026 · 10 min
- Broken Transmission: Why Fintech Strategy Fails · May 19, 2026 · 6 min
- FINOS vs ISO 42001: What to Choose · May 12, 2026 · 9 min
- Who Owns Cloud Security? · May 5, 2026 · 9 min
Explore listener stats, chart rankings, contacts and more on the The ITSM Practice: Elevating ITSM and IT Security Knowledge podcast page.