IT 6' MOF

1
??????????IT 6. MOF ??????
Yu Yong yy_at_yuyong.net ????www.yuyong.net
2
??????????IT??????

• 1. MOF??
• 2. MOF????-?
• 3. MOF????-?
• 4. MOF ????
• 5. MOF????
• 6. MOF ??????

3
????

• Why MOF Embeds Risk Management
• MOF Risk Management Process

4
????

• Risk Possibility of suffering a loss
• May or may not happen if guaranteed, it is not a
  risk
• Loss is relative failure to maximize gain is a
  type of loss
• Risk management Actions to mitigate risk
• Assess continuously what can go wrong
• Determine what risks are important to deal with
• Implement strategies to deal with top risks

5
Operations Needs Risk Management More Today

• Business transactions are increasingly dependent
  on IT
• IT performs tasks formerly done by people
• New forms of business use IT
• Greater risk of IT failure today
• The IT environment is increasingly complex
• Traditional IT directly controls less of the
  infrastructure
• Greater impact on business of IT failure
• Failures impact businesses more quickly
• Failures are more visible

For every new way that IT has of enabling
business, IT operations has a new way of
disabling business!
6
IT???????

• Four main sources of risk in IT operations
• People
• Process
• Technology
• External factors

7
IT????????????

• The MOF risk model has defined four main modes of
  failure
• Performance
• Security
• Agility
• Cost
• The business needs IT services to perform well
  and to be delivered in a secure, agile, and
  cost-effective manner

8
????????????

• Typically, risk management has been primarily the
  concern of change managers and security managers
• Pro
• Addresses business needs in areas of performance
  and security
• Con
• Does not address business needs in areas of
  agility and cost

Traditionally, risk management was delegated to
change management and security managementthis
is no longer sufficient.
9
MOF?????????

• Assess risks continuously
• Integrate risk management into every role and
  every function
• Treat risk identification positively
• Use risk-based scheduling
• Establish an acceptable level of formality

10
Why MOF Embeds Risk Management in All SMFs, Role
Clusters, and Reviews

• MOF embeds risk management in all SMFs, role
  clusters, and reviews because
• Failure can originate within any SMF
• Failure can originate with any team role cluster
  if risk management is not applied to an SMF
• Reviews represent an opportunity to identify
  potential failures originating within SMFs or
  with team role clusters, and bring them to
  managements attention

11
How MOF Embeds Risk Management in All SMFs, Role
Clusters, and Reviews

• MOF embeds risk management in the following ways
• In SMFs by building risk management practices
  into all SMF processes
• In role clusters by training team members in
  and making them accountable for risk management
• In reviews by formally incorporating risk
  management into each review

12
Origin of the MOF Risk Model

• The MOF risk model
• Is based on industry-standard risk management
  principles
• Applies the traditional Microsoft Solutions
  Framework (MSF) risk model to operations
• Incorporates additional input from industry best
  practice, including Information Technology
  Infrastructure Library (ITIL)

13
The 5-Step Risk Management Process
14
Risk Lists

• Risk assessment document
• Serves as master repository for all active risks
• Is constructed during the risk management process
  as each step in the process adds information
  about a particular risk
• Top n risk list
• Helps team focus on most important risks
• Is a subset of master list of risks in risk
  assessment document
• Retired risk list
• Is used as knowledge management tool

15
Step 1 Risk Identification

• Add to the risk assessment document
• Source of risk
• Mode of failure
• Condition
• Operational consequence
• Business consequence
• These five elements make up the risk statement

16
Developing a Risk Statement

• Situation
• A new phone system allows customers to contact
  support technicians directly, bypassing the
  official, approved help desk process. This would
  be counterproductive because although the
  customer might get prompt support, the symptoms
  would not be logged and the root problem would
  not be tracked and resolved.

17
Step 2 Risk Analysis

• Add to the risk assessment document
• Probability of the condition occurring
• Impact of the consequences
• Exposure probability x impact

18
Determining Risk Probability, Impact, and Exposure

• Situation
• Incident management estimates that 20 of each
  days contacts may bypass the official process if
  end users are able to dial technicians directly.
  The impact of losing 20 of the incident reports
  is considered a 4 on a scale of 1 to 5.

19
Step 3 Risk Action Planning

• Add to the risk assessment document
• Mitigations
• Triggers
• Contingencies

20
Determining Mitigations, Triggers, and
Contingencies

• Situation
• Technicians cant prevent customers from calling,
  but they (and IT management) can ask customers
  not to call directly. Technicians can identify
  direct-dial calls by noticing their phones LCD
  displays. When a direct-dial call is detected,
  the technician can explain the situation to the
  customer and transfer the call to the official
  phone number.

21
Step 4 Risk Tracking

• Use the completed risk assessment document to
  begin monitoring the current situation
• Trigger values
• Risks condition, consequence, probability, or
  impact
• Progress of a mitigation plan

22
Monitoring Changes

• Situation
• A month after the phone system is implemented,
  80 of all phone calls to support technicians are
  direct-dial only 20 use the official process.
• Has the condition changed? No
• Have the consequences changed? No
• Has the probability changed? Yes
• Has the impact changed? No
• Is the mitigation plan still appropriate? No
• Is the trigger still appropriate? Yes
• Is the contingency plan still appropriate? Yes

23
Step 5 Risk Control

• React to the changes noticed in Step 4
• Execute mitigation plans and assess their
  progress
• Execute contingency plans if triggers are true
• Update the top risks list
• Retire risks that are no longer a concern

24
Controlling by Acting on the Changes

• Situation
• Management investigates why the mitigation plan
  isnt working. End users report that the new
  phone systems automated routing feature is so
  complex that they hate using it, and instead dial
  technicians directly.
• Management takes an action item to update the
  mitigation plan instead of simply asking
  customers not to call, theyll simplify the phone
  routing system and tell customers about these
  improvements.

25
MOF Process Model
26
MOF Team Model Role Clusters
Communication
27
The 5-step Risk Management Process
28
Reference

• ITIL
• Essentials
• Practitioner
• Service Manager
• MOF Essentials (available)
• MOF Changing Operating Quadrants Microsoft
  Official Curriculum (MOC)
• Link
• http//www.microsoft.com/technet/itsolutions/mof/m
  oftool/default.asp
• http//www.microsoft.com/mof

29
Reference

• Link
• Microsoft????(MOF) Essentials??
• http//www.microsoft.com/china/enterprise/solution
  s/msm/evaluation/overview/mofessentials.asp
• Microsoft ???? (MOF) ????(????)
• http//www.microsoft.com/china/technet/MAINTAIN/mo
  fovrv.asp
• ?????MOF????
• http//www.microsoft.com/china/technet/itsolutions
  /techguide/mof/moftml.mspx
• Microsoft????(MOF)Changing Quadrant??
• http//www.microsoft.com/china/enterprise/solution
  s/msm/evaluation/overview/chgquadcourse.asp
• MOF ??????
• http//www.microsoft.com/china/technet/itsolutions
  /techguide/mof/moftool.mspx

30
Reference

• Active Directory Operations Guide
• http//www.microsoft.com/windows2000/techinfo/admi
  nistration/activedirectory/adops.asp
• Security Operations Guide for Exchange 2000
  Server
• http//www.microsoft.com/technet/security/prodtech
  /mailexch/opsguide/default.asp
• Security Operations Guide for Windows 2000 Server
  
• http//www.microsoft.com/technet/security/prodtech
  /windows/windows2000/staysecure/default.asp
• Microsoft Operations Manager 2000 Operations
  Guide
• http//www.microsoft.com/technet/prodtechnol/mom/m
  aintain/operate/opsguide/default.asp
• Microsoft Systems Management Server 2.0 Product
  Operation Guide
• http//www.microsoft.com/technet/prodtechnol/sms/m
  aintain/operate/smspog.asp
• MOF Self-Assessment tool
• http//www.microsoft.com/technet/itsolutions/mof/m
  oftool.asp
• The Windows 2000 Operations Guide Series
• http//www.microsoft.com/technet/prodtechnol/windo
  ws2000serv/maintain/opsguide/opsguide.asp
• Patterns and practices books
• http//shop.microsoft.com/practices/

31
TechNet????

• ??????,????????
• ??IT ??????,TechNet ????????,???????????,?????????
  ??????

• ??????????? DVD??CD
• ????????,??????????????????

??TechNet

• ??????? www.microsoft.com/china/technet
• ???????
• ??--????????

TechNet ??

• ?????????????
• ????, ??????

TechNet ??????

• ????????????????
• ????, ???????

TechNet ?? ?????

• ???
• ???????

????
32
?????????? TechNet?

• ??TechNet?????www.microsoft.com/China/technet
• ??TechNet?? www.microsoft.com/china/technet/aboutt
  n/subscriptions/flash.mspx
• ????????? http//www.microsoft.com/china/communit
  y/
• ?? TechNet???
• www.microsoft.com/china/technet
• ??????TechNet?????????www.microsoft.com/china/tec
  hnet

33
????,?????!