ITIL Essentials (Foundation) Course Aroonrat Chinwonno Sakul Tunboonek

1
ITIL Essentials (Foundation) CourseAroonrat
ChinwonnoSakul Tunboonek
2
What is ITIL ?

• ITIL (Information Technology Infrastructure
  Library) is
• Documentation for IT Server Management Best
  Practice
• Framework for any IT organization to develop its
  support model
• ITIL is NOT a technology specific
• ITIL has been well established in UK and Europe,
  and was used as a groundwork in developing
  BS15000/ISO20000
• BS15000/ISO20000 is (the first) worldwide
  standard for IT service management
• ITIL recommends ADOPT AND ADAPT approach

3
What companies ADOPT and ADAPT ITIL ?

• Microsoft ADOPT and ADAPT ITIL into its
  Microsofts Operations Framework (MOF)
• HP ADOPT and ADAPT ITIL into its HPs IT
  Service Management Reference Model
• In US, implementing of ITIL provides an
  acceptable structure to meet many of
  Sarbanes-Oxley Act audit requirements
• Many companies are now regularly requesting ITIL
  compliance in bids and requests for service
  improvement
• Forrester Research reports that 13 of
  corporations with revenue exceeding 1 billion
  had adopted ITIL by the end of 2005. By late
  2006, that will have expanded to 40, then to as
  high as 80 by 2008.

4
What ITIL can mean to us ?

• Understand what ITIL is
• What are the (ITM Objectives) we want to
  implement ITIL

To reduce unexpected system downtime - Implement Change Mgnt to ensure that system changes are properly plan - Implement Incident Mgnt to ensure minimum business impact - Implement Problem Mgnt to develop known error database
To increase user satisfaction level - Implement Service Desk SPOC with SLA , and metric
To find more time to do IT planning (80/20), Difficult to get control Implement ITIL as a whole Each module is able to be measured You cannot control what you cannot measure.

• However the ultimate is to serve the Corporate
  Business goals (CEO) to
• Increase efficiency and create value to Business
• Reduce cost

5
ITIL Elements

• Service Support concentrates on day to day
  operation and support
• Service Delivery looks at planning and
  improvement of IT service

Service Support Service Delivery
Service Desk SLM
Incident Mgnt Financial Mgnt
Problem Mgnt Capacity Mgnt
Configuration Mgnt IT Service Cont Mgnt
Change Mgnt Availability Mgnt
Release Mgnt Security Mgnt
6
Standard Definitions

• Customer recipient of a service usually
  Customer management has responsibility for the
  funding of the service
• Provider the unit responsibility for the
  provision of IT services
• Supplier a 3rd party responsible for supplying
  or supporting of underpinning elements of the IT
  services
• User the person using the service on a daily
  basis

7

• What questions do you have?

8
ITIL Essentials (Foundations) Course

• First Part Service Support

9
Service Delivery Agenda
Service Support Service Delivery
Service Desk SLM
Incident Mgnt Financial Mgnt
Problem Mgnt Capacity Mgnt
Configuration Mgnt IT Service Cont Mgnt
Change Mgnt Availability Mgnt
Release Mgnt Security Mgnt
10
Service Desk
11
Service Desk - Roles

• ITIL views Service Desk as a Vital function
  rather than as a process
• Service Desk is the Central Point of Contact
  between users and the IT service model
• A first positive or negative impression is
  perceived upon Service Desk performance and
  attitude
• Service Desk in ITIL is more than just a
  Helpdesk. Service Desk has broader role of the
  front line support with more organizations
  looking to radically increase the percentage of
  calls closed at first point of contact FIXED ON
  FIRST -

12
Service Desk - Responsibilities

• Receive and Record all calls from Users (a ticket
  created) deal directly with simple requests and
  complaints - Incident calls - Service
  requests - IT service information, FAQ such as
  how to order equipment, how to request a
  software installation
• Provide initial assessment of all incidents make
  first attempt at Incident resolution and/or
  escalate to 2nd level support, based on agreed
  SLA
• Once escalated, monitor the tickets according to
  SLAand Keep users informed on the status and
  progress

13
Service Desk - Responsibilities

• Produce Service Desk Management reports
• Highlighting user requirements such as training
  to assist with service improvement
• Perform basic operational functions such as
  password resets, backup and restore
• Perform Infrastructure monitoring such as Data
  Center environmental check, System backup status,
  Server-LAN-WAN status (receiving alerts from
  automated tools)

14
Service Desk - Tools

• Remedy (BMC), Tivoli (IBM), Openview (HP)
• Knowledge base
• ACD (Automated Call Distribution)
• IVR (Interactive Voice Response)

15
Service Desk - Types

• Local Service Desk- Distributed Service Desk on
  each site
• Central Service Desk- Centralized, or Regional
  Helpdesk
• Virtual Service Desk- Global, Follow the Sun
  concept

16

• What questions do you have?

17
Incident Management
18
Incident Management

• Purpose
• To restore normal service operation as quickly as
  possible with minimal disruption to the business
• Definition
• Incident is an event which is not part of
  standard operation service and cause interruption
  or reduction in quality of service
• Incident Management process is usually owned by
  Service Desk ,and later can transferred to
  Incident Manager (IM)

19
Incident Management

• Incident Priorities ITIL defines
• Priority Urgency Impact
• Urgency How soon the problem needs resolution
• Impact How many or how large business service
  is effected
• Priority in many practical term is called
  Severity

20
Incident Management Severity Level

• ltltCompany NamegtgtIncident Severity Definition

Incident Manager (IM) should be identified and
on board to take over the Sev1 and/or Sev2
incidents
21
Incident Management Incident Manager

• IMs roles
• Arrange a formal meeting of Support Group which
  are usually Problem Management, and Service Desk
  teams
• Make common understanding of this incident
  management objectives
• To restore the service ASAP (also communicate
  SLA)
• To minimize the business disruption (consider
  workaround)
• Arrange any additional resources if required
• Be a communicator between Support Group and the
  Customer, so that the Support Group do not
  receive mixed directions

22
Incident Management - Escalation

• There are 2 types of escalation
• Functional escalation involving more specialist
  to help
• Hierarchical escalation means a vertical move
  is made through the organization because the
  authority are required

23

• What questions do you have?

24
Problem Management
25
Problem Management

• Purpose
• To minimize the adverse effect on the business of
  Incidents and problems cause by error in the
  infrastructure
• To proactively prevent the occurrence of
  incidents and problems
• Role
• - To diagnose the root cause of the incidents and
  to identify a permanent solution
• Definition
• Incident is an abnormal event which cause
  interrupt or impact
• Problem is an Unknown underlying cause of the
  incident
• Known Error is an problem which root cause has
  been determined

26
Problem Management - Definition
Error in Infrastructure Incident is an abnormal
event which cause interrupt or impact Problem A
problem describes an undesirable situation,
indicating the unknown root cause of the
Incident Known Error A known error is a problem
whose root cause has been determined Request
for Change (RFC) An RFC proposes a change. Eg. To
eliminate the known error
27
Problem Management Responsibilities

• Identify problems
• Investigate problems to resolution or error
  identification
• Raise RFC to clear error
• Advise IM of workaround for incidents for known
  errors
• Assist in Major incident to identify root cause
• Prevent the replication of problems across
  multiple system

28
Problem Management

• Problem Control Focus on transforming Problems
  into Known Error
• Error Control Focus on resolving Known errors
  via the Change Management process

IncidentManagement
ConfigurationManagement
Service LevelManagement
AvailabilityManagement
Information
Problem Management Problem Control -gt Error
Control
Workaround
RFC
Change Management
29

• What questions do you have?

30
Configuration Management
31
Configuration Management

• Asset Management
• Assurance the recorded CIs (Configuration Item)
  from receipt to disposal
• Not only Asset Management but also provide
  relationship among CIs
• CMDB (Configuration Management Database) is a
  single repository of information will be accessed
  across the Service Management process, and is a
  major driver of consistency between processes

32
Configuration Management

• Remedy ITSM 6.0
• Remedy Helpdesk 5.6
• Remedy Asset Management 5.6
• Remedy Change Management 5.6
• Remedy SLA 5.6
• BMC Atrium 6.3 CDMB

33
Configuration Management

• Configuration Baseline
• is a configuration of a system established at a
  specific point in time, and capturing both
  structure and details
• Created first time as a baseline
• Updated of CIs affected as changed by RFC
• Use as a point to fall back to if things go wrong

34
Configuration Management Relationship with
others
ERROR
INCIDENT
PROBLEM
KNOWN ERROR
CDMB
RFC
CHANGE AUTHORIZED
CHANGE IMPLEMENTED
35

• What questions do you have?

36
Change Management
37
Change Management

• Purpose
• To ensure that standardize method and procedure
  are used to handle all changes in order to
  minimize the impact of change-related incidents,
  and the improve the day-to-day operation of the
  organizations
• Input of RFC
• Required resolution of an incident or problem
• A proposed to add/change/remove a CI
• A proposed to upgrade the infrastructure
• Changes in business requirement or Policy
• Product or service changes from vendors/suppliers

38
Change Management - Roles

• Change Manager Roles
• Receive, Log, Assign priority to RFCs
• Reject RFCs which are impractical
• Consolidate, issue agenda of RFCs to CAB
• Chair CAB meeting
• Update authorized change status (post
  implementation)
• Produce Change Management report
• CAB (Change Advisory Board) Roles
• Review RFCs, ensure to evaluate of RFCs impact,
  implementation plan, resource plan, UAT, and
  Rollback plan
• Provide approval or not approval for the RFCs

39
Change Management - Types

• Standard pre-approved Changes
• An accepted solution to an identifiable and
  relatively common set of requirements, where
  authority is effectively in advance of
  implementation. E.g. setting up access profiles
  for a new employee
• Urgent Changes
• A change that requires immediate action in the
  managed IT environment and cannot be executed
  through the normal change/authorization process
• Most of urgent changes are reactive changes E.g.
  Urgent RFCs from Problem Management to fix error
  (during the incidents)IT organization should
  also identify process to handle such urgent
  change such as who can be CAB to approve the
  urgent changes, a minimum steps qualifying to
  approve such urgent changes

40
Change Management Abuse of Urgent change

• Do NOT request Urgent Change for
• Would be nice to have completed early
• Was accidentally submitted too late for the CAB
• Attempting to avoid all of the planning processes
• To compensate for poor planning
• Note An Urgent Change should be avoided if
  possible and used only when required. Urgent
  Changes skip the normal planning and
  communication process, many urgent changes
  request for approval over the telephone. Approval
  of the RFCs in such situation can cause
  instability in the production environment.

41

• What questions do you have?

42
Release Management
43
Release Management - Purpose

• To take a holistic view of a change to an IT
  service and ensure that all aspects of a release,
  both technical and non-technical, are considered
  together.
• PROTECTS THE PRODUCTION ENVIRONMENT

44
Release Management

• Usually Release Management will be used for
• Large or critical hardware / software roll out
• Bundle relates set of changes
• Release Management
• is concerned with implementation, unlike Change
  Management, which is concerned with verification
• particularly useful in distributed multi-tier
  environments, where an implementation may consist
  of a number of different components supported by
  different technology domains, which need to be
  coordinated

45
Release Management

• Responsibilities
• Plan the rollout of software and related
  hardware.
• Create procedures for the distribution and
  installation of changes to IT systems
• Communicate and manage customer expectations
  during the planning and rollout of releases
• Implementing new releases into the operational
  environment using the controlling processes of
  Configuration and Change Management.
• Ensuring that master copies of all software are
  secured in the Definitive Software Library (DSL)
  and that the Configuration Management Database
  (CMDB) is updated

46
Release Management Functions and Roles

• Release Management staff
• In most of companies the Release Management
  function may well be combined with several other
  Service Management disciplines, in particular
  Change Management and Configuration Management.
• In a larger organization there may be dedicated
  Release Management staff for particular systems.

47
Release Management - Activities
A Release is a collection of authorized changes
into an IT environment
48
Release Management Process Relationships
Problem Management
Incident Management
RFC
Change Management
Approved RFC New projects HW and SW
Incidents
Release schedules
Release Management
Service Desk
Release schedules
Configuration Management

• Configuration
• assets
• relationships

Release schedules
Service Level Management

• Monitoring
• software
• availability

Service Delivery
CpM AvM SCM
49
Release, Change and Configuration Management
Change mgnt ensuresthat new/modified CIs are
implemented to Production environment properly
Change Management
Change Mgnt ensuresthat Configuration Itemsare
accurate due to changes
Release Management
Configuration Mgnt ensuresthat Release Mgnt use
thecorrect CIs version
Configuration Management
50

• What questions do you have?

51
ITIL Essentials (Foundations) Course

• Second Part Service Delivery

52
Service Delivery Agenda
Service Support Service Delivery
Service Desk SLM
Incident Mgnt Financial Mgnt
Problem Mgnt Capacity Mgnt
Configuration Mgnt IT Service Cont Mgnt
Change Mgnt Availability Mgnt
Release Mgnt Security Mgnt
53
Service Delivery - Overview
BUSINESS / USERS
SERVICEDELIVERY
Service Level Management
IT Service Continuity Management
Financial Management
COSTS
RISK
Security Management
Availability Management
Capacity Management
TECHNOLOGY
54
Service Delivery

• Service Delivery looks at the long term planning
  and improvement of IT service provision, which
  will also improve efficiency and the achievement
  of business goals.
• There are five processes within the Service
  Delivery umbrella and they are
• Service Level Management
• Financial Management for IT Services
• Capacity Management
• IT Service Continuity Management
• Availability Management.
• Security Management sits under the Information
  Security umbrella but will be addressed today due
  to the criticality of information security in
  todays IT environment.

55
Service Level Management - Purpose

• To maintain and improve IT service quality
  through a constant cycle of agreeing, monitoring
  and reporting upon IT Service achievements and
  the instigation of actions to eradicate poor
  service, in line with business or cost
  justification.
• SERVICE DEFINITION AND STANDARDS

56
Service Level Management - Role

• Service Level Management
• is essential in any organization so that the
  level of IT service needed to support the
  business can be determined, and monitoring can be
  initiated to identify whether the required
  service levels are being met.
• is a client facing role, where regular lines of
  communication are maintained between the IT
  service provider and the IT customer
• process is responsible for ensuring Service Level
  Agreements (SLAs) and Operational Level
  Agreements (OLAs) or underpinning contracts (UCs)
  are met

57
Types of Agreements and Contracts
Internal/External Customers
IT Service Level Management
Internal Suppliers and Maintenance Personnel
External Suppliers and Maintenance Personnel
58
Service Level Management - Activities
59
Service Catalogue

• A list of all services
• The characteristics of each service
• Information on the use of the service

60
Contents of a Service Level Agreement

• Scope of the agreement
• Service description
• Signatories
• Date of next review
• Service hours
• Service availability
• Support levels
• Performance
• Security

• Functionality
• Charges
• Change procedure
• Contingency
• Anticipated growth
• Restrictions
• Training
• Change procedure for the Service Level Agreement

61
Service Level Management - Benefits

• IT services are designed to meet expectations
  outlined in SLRs
• Service performance can be measuredReporting is
  Critical to the success of Service Level
  Agreements
• If charged, customers can draw a balance between
  service costs and required quality
• The IT organization can control resource
  management and reduce costs in the long term as
  the organization can specify the required
  services and components
• Improved customer relationships and satisfaction

62
Service Level Management Process Relationships
Service Desk
Service Support
Incident Management
Problem Release
Incidents RFC
Change Management
Configuration Management
Service definitions
SLAs OLAs
Third Party Suppliers
Service Level Management
SLAs
Customer
SLRs
UCs
SLAs OLAs
Service Delivery
Capacity Availability Continuity
Finance
Planning
63
Service Level Management
SLR - Service Level Requirement
COMPANY
FIN
SCM
METRICS
SLA - Service Level Agreement
CEO
SERVICE MGMT
AVM
SLR
CAP
UC
SLA
Suppliers
SLM
Suppliers
Suppliers
Suppliers
SLR
OLA
End User
IM
PM
SERVICE DESK
CHG
OLA - Operational Level Agreement
CFG
REL
UC - Underpinning Contract
IT ORGANISATION
64

• What questions do you have?

65
Financial Management for IT Services
66
Financial Management for IT Services - Purpose

• To provide cost effective stewardship of the IT
  assets and the financial resources used in the IT
  services provided.
• CONTROL AND RECOVER IT COSTS

67
Financial Management for IT Services Role

• Financial Management is responsible for
• Accounting for the costs (costing) and return on
  IT service investments (IT portfolio management),
  and
• Budgeting defining and implementing IT
  budgetary process
• Charging - for any aspects of recovering costs
  from the customers (charging).

68
Financial Management for IT Services Functions
and Roles

• Finance Manager
• Responsibility for
• Managing the IT budget
• Gathering suitable cost data to develop a cost
  model
• Preparing regular bills for the customer
• Note
• The Finance Manager for IT Services may not
  necessarily be a dedicated resource.
• The process may have an owner within the IT
  department who liaises with the Finance
  department of the organization and senior IT
  managers, particularly those responsible for
  service level management.

69
The Costing, Charging and Budgeting Cycle
Business ITrequirements
IT operational plan(inc. Budgets)
Cost analysis(Accounting)
Charges
Financial targets
Costing models
Feedback of proposedcharges to business
Charging policies
70
Cost Model

• A framework in which all known costs can be
  recorded and allocated to specific Customers,
  activities or other categories
• Several types
• Cost-by-service, activity (Activity Based
  Costing), Customer or location
• Define the Cost Unit for services or activities
  (transaction, minute, CPU-seconds, storage,
  incident, change, etc.)

71
Pricing Policy

• Market price the price charged by external
  suppliers
• Going rate comparable to other internal
  organizations
• Cost plus input cost plus uplift
• Cost total cost of ownership
• Fixed price negotiated price for a fixed period

72
Financial Management Process Relationships

• Purpose
• Activities
• Benefits
• Relationships Between Processes
• Potential Challenges/Problems
• KPIs

Customer
Services
Service Level Management
Service Support
Performance Usage
Cost model Charging
Budget Spend
Configuration Management
Business Relationship Management
Financial Management
Changes with cost affects
Cost model Charges
Service Delivery
Capacity Management
Performance Usage
73

• What questions do you have?

74
Capacity Management
75
Capacity Management - Purpose

• To ensure that cost justifiable IT capacity
  always exists and that it is matched to the
  current and future identified needs of the
  business.

76
Capacity Management Functions and Roles

• Capacity Manager
• Reporting on current usage of resources, trending
  and forecasts for future usage
• Identifying needs for increases or reductions in
  hardware based on SLR and cost
• Performance testing of new systems
• Sizing all proposed new systems to determine
  resources required.
• Assessing new technology or products which may
  improve efficiency of the capacity process.

77
Input and Output Data Requirements
78
Sub-Processes

• Resource Capacity Management
• Monitor, analyze, run and report on the
  utilization of components, establish baselines
  and profiles of use of components
• Service Capacity Management
• Monitor, analyze, tune, and report on service
  performance, establish baselines and profiles of
  use for services, manage demand for services
• Business Capacity Management
• Trend, forecast, model, prototype, size and
  document future business requirements

79
Capacity Management Process Relationships
Service Level Management
Monitoring Reporting
Incident Management
Requirements
Service Support
Problem Management
SLR
Plans
Requirements
Capacity Management
Customer
Change Management
Plans
Plans
Availability Continuity
Service Delivery
Planning
80

• What questions do you have?

81
IT Service Continuity Management
82
IT Service Continuity Management Purpose

• To support the overall Business Continuity
  Management process by ensuring that the required
  IT technical and services facilities can be
  recovered within required and agreed business
  timescales.
• KEEP THE BUSINESS IN BUSINESS

83
IT Service Continuity Management Functions and
Roles

• The primary goal of ITSCM Manager is to implement
  and maintain the ITSCM process in accordance with
  the overall requirements of the organization's
  Business Continuity Management (BCM), and to
  represent the IT services within the BCM
  function.

84
Thoughts that should avoid

• Too expensive
• Disaster unlikely to happen
• More important things to do
• We will muddle through
• Unaware of the business risks
• Thought that should have.
• MURPHY LAWAnything can go wrong , will go wrong
• You cannot control what you cannot measure,
• You cannot recover what you have not planned.

85
IT Service Continuity Management Functions and
Roles
Role Roles in Normal Operation Roles in Crisis Situation
Board Level Initiate IT Service Continuity, set policy, allocate responsibilities, direct and authorize Crisis Management, corporate decisions, external affairs
Senior Management Manage IT Service Continuity, accept deliverables, communicate and maintain awareness, integrate across organization Co- ordination, direction and arbitration, resource authorization
Junior Management Undertake IT Service Continuity analysis, define deliverables, contract for services, manage testing and assurance Invocation, team leadership, site management, liaison and reporting
Supervisors and Staff Develop deliverables, negotiate services, perform testing, develop and operate processes and procedures Task execution, team membership liaison
86
IT Service Continuity Management Activities
Stage 1 - Initiation
87
IT Service Continuity Management Risk
Reduction and Recovery Options

• It is rare that an organization will choose only
  risk reduction (prevention measures) or recovery
  options. Generally a combination of reducing
  risks to assets with greatest vulnerability or
  with higher business impact with a recovery plan
  will be implemented.
• Recovery Options
• Do nothing
• Return to manual systems
• Gradual recovery (cold stand-by) (72 hrs)
• Intermediate recovery (warm stand-by) (24-72 hrs)
• Immediate recovery (hot start, hot stand-by) (lt24
  hrs)
• Combinations

88
Gradual Recovery Facilities (cold standby 72
hours)

• Accommodations
• Power
• Environmental controls
• Network cabling infrastructure
• Telecommunications

Does not include ANY computing equipment
89
Intermediate Recovery Facilities(warm standby
24-72 hours)

• Accommodations
• Power
• Environmental controls
• Network cabling infrastructure
• Telecommunications
• Operations, system management and technical
  support
• Processors, peripherals, communications equipment
  and / or operating systems

90
Immediate Recovery Facilities (hot standby lt24
hours)

• Accommodations
• Power
• Environmental controls
• Network cabling infrastructure
• Telecommunications
• Operations, system management and technical
  support
• Processors, peripherals and communications
  equipment
• Operating systems, applications and data mirrored
  from the operational servers

91
IT Service Continuity Management Process
Relationships
Exercise / Service Recovery
Service Level Management
Incident Management
Problem Management
Service Support
SLR
Requirements
Plans
Change Management
Requirements
Service Continuity Management
Customer
Plans
Configuration Management
Planning
Incidents
Service Desk
Capacity Availability
Event Monitoring
Service Delivery
Planning
92

• What questions do you have?

93
Availability Management
94
Availability Management - Purpose

• To optimize the capability of the IT
  infrastructure and supporting organization to
  deliver a cost effective and sustained level of
  availability that enables the business to satisfy
  its business objectives.
• ENSURE RESOURCES ARE AVAILABLE AND EFFECTIVE

95
The Availability Management Process
INPUTS
OUTPUTS
Business availabilityrequirements
Availability recovery designcriteria
Business impact assessment
IT infrastructure resilience assessment
Availability, reliability maintainability
requirements
Agreed targets for availabilityand
maintainability
Incident and problem data
Reports of availability, reliability
maintainability achieved
Configuration monitoring data
Availability monitoring
Service level achievements
Availability Plan
96
Availability Management Terminology

• Availability - is the ability for an IT Service
  or component to perform its required function at
  a stated instant or over a stated period
• Reliability the tendency of an IT Service or
  component not to fail (i.e. how long can it
  perform)
• Resilience the ability of the component to
  continue providing the service even though some
  piece is no longer functioning (i.e. fault
  tolerance)
• Maintainability - is the ability to retain or
  restore an IT Service or component to an
  operational state (internal)
• Serviceability - as Maintainability but for
  external suppliers
• Security - Confidentiality, Integrity and
  Availability of the services and associated data
  an aspect of overall availability
• Confidentiality, Integrity and Availability (CIA)
  the basis of security

97
Availability Management Terminology Basic
Availability Calculation
(2 of 2)

• (Agreed service time downtime)
• Availability ____________________________ x
  100
• Agreed service time

Remember the definition of a "Service
98
Availability Management Activities

• Designing for availability (Proactive
  perspective)
• The technical design of the IT infrastructure and
  the alignment of the internal and external
  suppliers required to meet the availability
  requirements of the service
• Designing for recovery (Reactive perspective)
• The design points required to ensure that in the
  event of an IT service failure, the service can
  be reinstated to resume normal business
  operations as quickly as possible

99
The Monetary Impact of Unavailability
100
Calculating Availability
101
Availability Management Process Relationships
Downtime Monitoring
Service Level Management
SLA Monitoring
Incident Management
Cause
Problem Management
Service Support
SLR
Plans
Change Management
Requirements
Availability Management
Customer
Change
Plans
Configuration Management
Planning
Incidents
Service Desk
Event Monitoring of Downtime
Service Delivery
Capacity Continuity
Planning
102

• What questions do you have?

103
Security Management
104
Security Management - Purpose

• Security Management is the process of managing a
  defined level of security on information and IT
  services. It has links with all processes
• It also includes managing the reaction to
  security incidents.
• Security Management has two objectives
• To meet the security requirements of SLAs and
  other external requirements further to contracts,
  legislation and externally imposed policies.
• To provide a basic level of security,
  independence and external requirements.
• PROTECT DATA

105
The Cost of Security Incidents
Incident Type 1999 2004
Proprietary Information 1,847,652 11,460,000
Fraud 1,470,592 7,670,500
Denial of Service 116,250 26,064,050
Virus 45,465 55,053,900
Insider Access 142,680 4,278,205
Laptop Theft 86,920 6,734,500
Total losses reported in the 2004 report was
141,496,560
Source CSI/FBI Computer Crime and Security Survey
106
Security Management - Role

• Confidentiality
• protecting the business information from failure
  and attack
• is more than locking server rooms or insisting on
  password discipline.
• Integrity
• timeliness or correctness require careful
  consideration of information flows and
• safeguards against incorrect values
• Availability
• maintaining the uninterrupted operation of the IT
  organization
• also helps to simplify Information Security
  Service Level Management, as it is much more
  difficult to manage a large number of different
  SLAs than a limited one.

107
Security Management Activities

• Plan
• Establish the structure of the Security section
  of the Service Level Agreements, Operational
  Level Agreements and Underpinning Contracts
• Establish the security baseline (or minimum
  security standards)
• Implement
• Establish and maintain security awareness
• Establish the procedures to identify and classify
  security incidents
• Establish the procedures to handle security
  incidents
• Evaluate
• Conducting security audits
• Using Internal resources
• Using External resources
• Self assessment (using Security Management
  resources)
• Ongoing review and analysis of security incidents
• Control
• Establish the structure and controls for security
  functions
• Defines the roles responsibilities (including
  the line of command)
• Maintain
• Ensure the continuity of security measures
• Update to the security handbooks

108
Security Management Process Relationships
Incidents
Service Level Management
SLA Monitoring
Incident Management
Virus
Problem Management
Service Support
SLR
Plans
Change Management
Requirements
Security Management
Customer
Change
Plans
Configuration Management
Planning
Incidents
Release Management
Service Desk
Attacks
Capacity Continuity Availability
Service Delivery
Planning
109
Quick Review
110
ITIL Process Linkages
111
Attitude Change
112
Roles that could be combined

• Configuration Management and Release Management
• Configuration Management and Change Management
• Service Level Management and Financial Management
  for IT Services

?
113
Roles that should not be combined

• Problem Management and Incident Management
• Problem Management and Change Management
• Capacity Management and Availability Management

114
Some Useful Websites
http//www.ogc.gov.uk The OGC the organization that publishes the ITIL books
http//www.itil.co.uk ITIL UK Official Web Site
http//www.itilexams.com/ Loyalist College Belleville, Ontario ITIL Certification Agent
http//www.itsmf.com The global IT Service Management Forum site
http//www.itsmfusa.org/mc/page.do The ITSMF US site
http//www.itsmf.ca/ ItSMF Canada Site IT Service Management Forum - check out Event/Presentation for local context and players.
http//www.pultorak.com/pcbit/itsm.htm General ITSM information and white-papers
http//www.staytech.com/ Ottawa based ITIL Services/Training provider Links contains a good selection of ITIL Information/Solution providers
http//www.nextslm.org/ Tools, newsletters, and white-papers on ITSM
115

• What questions do you have?

116

• Go home!